2

I have created a flex application in the Python Gae sdk and I got the error 2048, so I put a crossdomain.xml under the static folder. The crossdomain.xml is following:

<?xml version="1.0"?> 
<!DOCTYPE cross-domain-policy SYSTEM “/xml/dtds/cross-domain-policy.dtd”>
<cross-domain-policy> 
<site-control permitted-cross-domain-policies="all"/> 
<allow-access-from domain="*" to-ports="*" secure="false"/> 
<allow-http-request-headers-from domain="*" headers="*" secure="false"/> 
</cross-domain-policy>

And, I add the following in the app.yaml:

- url: /crossdomain.xml 
  static_files: static/crossdomain.xml 
  upload: static/crossdomain.xml

However, I still got the error 2048. Therefore, I would like to know is anything I need to configure or miss in my case and how to fix the error.

Please advice. Thanks.

michael
  • 1,160
  • 7
  • 19
  • I don't know much about Google App Engine, nor it's directory structure; but the crossdomain.xml file must be in the web root of the server whose remote services you are accessing. It is not clear to m where you had put it in relation to your app and the services you're calling. Does that help? – JeffryHouser Feb 14 '11 at 15:01
  • Thanks for your comment. For Gae, we can not direct access its file system, we need to set the services or file in the app.yaml. – michael Feb 14 '11 at 23:45
  • It's not the filesystem that's important, it's the `domain.com/crossdomain.xml` location that's going to matter to the FlashPlayer. – ocodo Feb 15 '11 at 00:49

2 Answers2

4

I haven't used crossdomain.xml with Flash, but I have with Unity3d. I've gotten it to work, and what you have looks correct.

Have you visited yoursite.com/crossdomain.xml to make sure it's visible in a browser?

If Flash is really picky you might need to specify a mimetype (text/xml or application/xml)

- url: /crossdomain.xml 
  mime_type: text/xml
  static_files: static/crossdomain.xml 
  upload: static/crossdomain.xml

You also might want to check you crossdomain.xml in a validator to make sure you're not missing a /> or something like that.

Also, check out html5boilerplate's crossdomain.xml. Their least restrictive version should work on any site:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>


<!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html -->

<!-- Most restrictive policy: -->
<!--
    <site-control permitted-cross-domain-policies="none"/>
-->


<!-- Least restrictive policy: -->
    <site-control permitted-cross-domain-policies="all"/>
    <allow-access-from domain="*" to-ports="*" secure="false"/>
    <allow-http-request-headers-from domain="*" headers="*" secure="false"/>
<!--
  If you host a crossdomain.xml file with allow-access-from domain=“*”      
  and don’t understand all of the points described here, you probably       
  have a nasty security vulnerability. ~ simon willison
-->

</cross-domain-policy>
Calvin
  • 4,177
  • 1
  • 16
  • 17
  • Thanks Calvin, I appreciate your help. I can view the crossdomain.xml by "http://localhost:8080/crossdomain.xml". I have tried adding the "mime_type: text/xml", actually I have tried it before I post the question, and use your crossdomain.xml, but I still got error 2048. – michael Feb 15 '11 at 02:29
  • Are you pulling data from a source besides localhost? Because I think that domain would need to allow crossdomain access. At one point I also had `` in it, but was more restrictive. – Calvin Feb 15 '11 at 03:11
  • The other domain already have a crossdomain.xml, I also can access it. – michael Feb 15 '11 at 03:28
  • I'm pretty stumped. Maybe you could do a [packet trace](http://support.apple.com/kb/HT3994) to see which crossdomain.xml files your app is requesting (or is that what fiddler does)? – Calvin Feb 15 '11 at 05:27
  • Yes, fiddler will do the packet trace. But I do not see the local crossdomain.xml is requested during the load of operation. – michael Feb 15 '11 at 05:32
  • Have a look at this michael, it may help... http://goo.gl/usvHZ - `loadPolicyFile` allows you to load a crossdomain.xml from an arbitrary location on the webserver. – ocodo Feb 15 '11 at 09:07
1

FlashPlayer is looking for the crossdomain.xml file in the URL domain root, e.g.

domain.com/crossdomain.xml

Is where the FlashPlayer wants to find it.

However, you can use Security.loadPolicyFile(url) to load a crossdomain.xml file from an alternate location on the server.

More info on Adobe livedocs

shanethehat
  • 15,460
  • 11
  • 57
  • 87
ocodo
  • 29,401
  • 18
  • 105
  • 117
  • Thanks for your answer. Gae is quit difficult to define the domain root. Please refer to the update. – michael Feb 15 '11 at 03:10
  • I have already tried Security.loadPolicyFile(url). The crossdomain.xml can be loaded, but I still get the error. – michael Feb 15 '11 at 09:47