Has anyone been able to successfully implement a service to serve the required socket policy file to FlashPlayer?

I am running the Python implementation of the service provided by Adobe at

http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

and using the following policy file:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
 <site-control permitted-cross-domain-policies="master-only"/>
 <allow-access-from domain="*" to-ports="*" secure="false"/>
</cross-domain-policy>

and receiving this message from Flash:

[SecurityErrorEvent type="securityError" bubbles=false 
cancelable=false eventPhase=2
text="Error #2048: 
Security sandbox violation: http://www.mapopolis.com/family/Tree.swf   
cannot load data from www.mapopolis.com:1900."]

Thanks.

There's now a module for the Apache webserver to server socket policy files compatible with the new Flash 9.whatever and Flash 10+ which require socket policy files to be served using the Adobe socket protocol.

http://www.beamartyr.net/articles/adobepolicyfileserver.html

I've hit this a couple of times now, trying to use someone else's policy server, and writing my own. The elements that I've found that all need to be there:

• listen on socket 843.
• When receiving a new connection, read all data. Don't just send the policy on connect!
• optionally, you can test if the received data is a correct policy request, or just ignore it. I haven't seen a good reason to validate in my usage.
• send the xml with the trailing "\0" byte.
• close the socket!
• more than likely you need the secure="false" option in the allow-access-from section of the policy.

Assuming you are using AS3...

You can override crossdomain.xml policy files in your flash like this:

Security.allowDomain("*");
Security.allowInsecureDomain("*");

But if you need crossdomain.xml make sure it is in your root of the server you are trying to access. Also try a complely base simple version to make sure it works such as:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy> 

Make sure it is named crossdomain.xml and in your root.

You can also change the policy file to another server or filename like this:

Security.loadPolicyFile("http://www.example.com/sub/dir/pf.xml");

If you are using AS2/flash8 (first off I am sorry) then you will need to be sure crossdomain.xml is in the root of the server you are hitting.

Try hosting the policy file at port 843, assuming your admin will allow access to 843. Here's a link that tells you about socket policy files.

http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

If you're using Debian, I've written an Apache module for serving Adobe socket policy files that is available at:

http://socketpolicyserver.com

The package includes working configuration files in:

/usr/share/doc/libapache2-mod-socket-policy-server/examples/

your socket server must respond in a special way to the flash socket when this one tries to connect and asks for "crossdomain"

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_04.html

http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_05.html

Do you send a trailing 0-byte after the

<cross-domain-policy>
     <allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>

Check the http://www.lightsphere.com/dev/articles/flash_socket_policy.html