0

I have a web server using gevent.pywsgi.WSGIServer (http://www.gevent.org/gevent.pywsgi.html)and I need to handle a non-http request as well as normal http requests.

Server:
    web_server = gevent.pywsgi.WSGIServer(('', 8080), web_server);
    web_server.serve_forever();

Handler:
def viewer_command_server(env, start_response):
    if env['REQUEST_METHOD'].upper() == "PUT":
        path = env["PATH_INFO"]
        start_response("200 OK", [("Content-Type", "text/html"), ("Cache-Control", "no-cache"), ("Connection","keep-alive")])
            return [ ""]

This handles normal PUT requests, but I would like also server the crossdomain.xml file used by a flash application. But the problem is I get this when the flash application tries to retrieve its crossdomain.xml file.

"socket fileno=13 sock=66.228.55.170:9090 peer=96.54.202.251:63380: Invalid HTTP method: '<policy-file-request/>\x00'
96.54.202.251 - - [2012-05-21 22:58:53] "<policy-file-request/>" 400 0 2.940527
"

Is there any way to handle this request as well? Adobe recommends running a separate tcp server on port 843 to serve this file. I would like to keep everything on port 8080.

Tereus Scott
  • 674
  • 1
  • 6
  • 11

2 Answers2

0

The protocol spoken on port 843 is not HTTP. See http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html.

A valid HTTP request looks like

GET /path HTTP/1.0

(See e.g. http://www.jmarshall.com/easy/http/#sample for more examples.)

If there's a way to tell the Flash Player client to look for the policy file on some port other than 843, then maybe there's a way to tell it to use HTTP instead of this custom XML-ish "" message, and then and only then could you handle this from your HTTP server.

Anything is possible but I don't think it sounds like a good idea at all to handle non-HTTP requests as part of your WSGI server on the same port 8080 that it uses for HTTP.

metamatt
  • 13,809
  • 7
  • 46
  • 56
  • Thanks, the problem is that flash uses it's own 'xmlish' query _and_ if it can not get an answer on port 843, then it falls back to the http port. There are times when it can not connect to 843 for some reason and it is not visible in the app. So the http server still gets the request. It would be a much smoother if we could just trap and handle this case. – Tereus Scott May 23 '12 at 18:15
  • I don't know for sure what all the flash player does, but that doesn't sound like a reasonable behavior -- that it always sends non-http requests to what it knows is an http server, when it can't contact port 843. (That's going to be pretty common; lots of companies firewall everything and then proxy only ports 80 and 443, for example.) Are you sure there's not more going on here? – metamatt May 25 '12 at 01:55
  • Re "trap and handle" this case -- you could probably hack your wsgi server badly enough to do that, but it's gonna be ugly. – metamatt May 25 '12 at 01:55
  • The real question is whether there's a way to tell flash player to request the policy file over http instead of xmlsocket (this is apparently the name for their custom protocol which always consists of this method). From reading http://help.adobe.com/en_US/ActionScript/3.0_ProgrammingAS3/WS5b3ccc516d4fbf351e63e3d118a9b90204-7c60.html, it doesn't look like it, but maybe you can just pass an http://foo URL to Security.loadPolicyFile() instead of a xmlsocket://foo URL. – metamatt May 25 '12 at 01:58
  • OTOH, http://livedocs.adobe.com/flashlite/3.0/docs/help.html?content=00005452.html makes it look you can use http:// URIs with Security.loadPolicyFile(). But it's a bit confusingly written. Try that and see if you get useful results? – metamatt May 25 '12 at 02:00
0

I managed to peel this one back a bit further today. Buried in the adobe documentation is a note that if you are using a raw socket then fit will go looking for your cross domain file using their raw XML query. It does appear to work if you specify 'http' and it does go and get the cross domain file via http. The problem for me was that I was using a raw tcp socket in my flash script. So it went off to try to get the cross domain file from that server. So to keep things simple I will change the network calls to use http. That is what they are doing anyway (I was using a sample I found that does streaming using http multipart response)

Tereus Scott
  • 674
  • 1
  • 6
  • 11