Flex socket policy only works if I set the domain to *

I have a Flex application on an in-house server that connects to a MongoDB server running on an Amazon EC2 instance. Connecting directly from Flex requires me to serve up a socket policy. Below is what I am currently using:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for xmlsocket://socks.example.com -->
<cross-domain-policy>
<!-- This is a master socket policy file -->
<!-- No other socket policies on the host will be permitted -->
<site-control permitted-cross-domain-policies="master-only"/>
<!-- Instead of setting to-ports="*", administrators can use ranges and commas -->
<allow-access-from domain="*" to-ports="27017" />
</cross-domain-policy>
This works fine. My Flex client connects successfully and all is well. However, if I change the allow-access-from domain from a * to the Flex server's IP, it does not work. I don't think this is a major concern since I have both ports 843 and 27017 only open to the Flex server's IP via the EC2 security group, but I would like to find out why it only works with the wildcard in place if possible.

Related

SignalR messages from server to the flash client are failed

I am using SignalR v2.1.2.0, and pushing messages to the client works perfectly for clients such as Android, iOS and the HTML/JavaScript client.
But for the Adobe Flash client it fails. The connection is created and the request to the server is successfully made by this Flash client, but the messages from the server are blocked by some firewalls, especially the Kerio firewall.
The same Flash client is able to receive the incoming messages successfully behind other firewalls in the network.
Is there anything I have to do, or am I missing anything? Is it possible to enable an SSL certificate for the SignalR website to overcome this issue? Thanks.
If you are using wamp,
Create the crossdomain.xml
Try this code:
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

Flex socket crossdomain

I am trying to connect to a socket server from flex.
I read in Adobe's documentation that the client automatically sends a "request-policy-file" XML element to the socket before allowing it to be opened, and should receive a policy file.
The client sends the XML element as expected; my server receives it (on the port I want to use, port 6104) and replies on the same port with:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
To the best of my knowledge, this should be the most permissive policy available on a socket.
The flash player logs indicate a timeout looking for the socket policy file, although I know my socket returned the response immediately.
What should I do?
Try using master-only.
Master-only is saying it's using one policy file as a master.
"All" is saying all domains need a policy file, so it will keep looking for policy files. Use this and see if you get a timeout.
Cross Domain Policy "master-only"
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
Reference
http://jodieorourke.com/view.php?id=108&blog=news

calling a web service that has an untrusted certificate using ssl in flex/air

In our flex/air application we are calling a web service over https. The web service is java based and has, at the moment, an untrusted certificate.
When doing a POST to the service with some json, the payload on the server side is pretty garbled. A popup does occur asking whether you want to continue and even when I do and add the untrusted certificate into my keychain (on the mac), the data sent through always comes through mangled.
I installed Charles HTTP proxy to see the actual traffic and it seems at times I'm getting an SSLHandshakeException back... I'm guessing this is causing the garbled data as SSL isn't being set up properly.
So, to the question - can air/flex handle untrusted certificates? Is there a workaround that you can do? For example in java with commons httpclient you can work around it at the socket level.
Thanks,
Kieran
I don't know but it might help if you use the secure attribute in your server-side crossdomain.xml like this:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="mydomain.com" secure="false" />
</cross-domain-policy>
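An added example, not from any of the posts above: a small Python audit of a policy file for the permissive settings that appear in the policies quoted in these threads (`domain="*"`, `to-ports="*"`, `permitted-cross-domain-policies="all"`, `secure="false"`). The function name `audit_policy`, the sample documents and `flex.example.com` are constructed for illustration.

```python
import xml.etree.ElementTree as ET

def audit_policy(xml_bytes):
    """Return a list of (element, attribute, reason) findings for a policy file."""
    root = ET.fromstring(xml_bytes)
    if root.tag != "cross-domain-policy":
        raise ValueError("root element is not <cross-domain-policy>")
    findings = []
    for el in root.iter():
        domain = el.get("domain", "")
        if el.tag == "site-control":
            if el.get("permitted-cross-domain-policies") == "all":
                findings.append((el.tag, "permitted-cross-domain-policies",
                                 "any policy file on the host is honoured"))
        elif el.tag == "allow-access-from":
            if domain == "*":
                findings.append((el.tag, "domain", "any origin may connect"))
            elif domain.startswith("*."):
                findings.append((el.tag, "domain", "every subdomain may connect"))
            if el.get("to-ports") == "*":
                findings.append((el.tag, "to-ports", "every port is exposed"))
            if el.get("secure", "true").lower() == "false":
                findings.append((el.tag, "secure",
                                 "non-HTTPS content may read HTTPS data"))
        elif el.tag == "allow-http-request-headers-from":
            if domain == "*" and el.get("headers") == "*":
                findings.append((el.tag, "headers",
                                 "any origin may send any request header"))
    return findings

# Constructed samples modelled on the policies quoted on this page.
PERMISSIVE = b"""<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>"""

SCOPED = b"""<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="flex.example.com" to-ports="27017"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    for name, doc in (("permissive", PERMISSIVE), ("scoped", SCOPED)):
        print(name, audit_policy(doc))
```

An empty list means none of these four settings is present; it does not say the named origin is the right one.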

Same domain but security error

I am hosting a java service and a flex application on the same server. The flex application accesses the java service. As the flex application loads I get a security error, how can this happen? I thought I do not need a crossdomain.xml when hosting on the same server.
My flex app gets the data via a http service that sends calls to 1.2.3.4:9000/service, the flex application itself lies on 5.6.7.8/test.swf, my crossdomain.xml looks like the following
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="5.6.7.8" to-ports="*" />
</cross-domain-policy>
It is accessible from 1.2.3.4:9000/crossdomain.xml. Note that everything works when I use domain="*" instead of domain="1.2.3.4"
I hope someone can help me
Sebastian
If your Flex app is on the server with IP 5.6.7.8 you need to allow that IP in the crossdomain for the 1.2.3.4 server. This lets the Flash running from 5.6.7.8 know that 1.2.3.4 allows connections from that specific address.
If you still have the same problem, a quick way to find out what's going on is to use a debug proxy (I like Charles). That way you'll see Flash's request for the crossdomain.xml and what the response looks like; most likely the request is going somewhere you didn't expect or the server messes it up somehow.
Are you using Sockets?
In that case you need to serve Policy Files either with your existing Java Server or a standalone one.
http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html
Does 1.2.3.4 represent an IP address?
If so I believe you have to use a domain name here not an ip address, otherwise you could have several domains on the same server and bypass the same domain checks.

Help with Cross-Domain file for ActionScript 3 Socket

Here is My ActionScript Code:
var S:Socket=new Socket("127.0.0.1",2222);
Here is My CrossDomain.XML File (Located at http://127.0.0.1/crossdomain.xml)
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="2222"/>
</cross-domain-policy>
Here is The Error I Am Getting
Ignoring policy file at xmlsocket://127.0.0.1:2222 due to incorrect syntax.
Having never used one before, I don't understand what's wrong with the syntax of my CrossDomain file.
Please Help.
Socket policy files work a little differently than HTTP policy files; in particular, they aren't served via HTTP, or at port 80.
Instead, Flash Player checks for a policy file server (port 843 by default), or if necessary, on the socket you're opening (for you, port 2222).
A policy file server is a socket which responds to a <policy-file-request/> with a valid policy file. What's happening with your message is likely that it's sending its request and getting something other than a policy file back, hence invalid syntax from port 2222.
There are a lot of resources out there, and a number of questions here on SO. Here's one tutorial from Adobe.
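The request/response exchange described in the answer above, as an added Python example that is not part of the original post: a policy-file responder that replies only to the NUL-terminated `<policy-file-request/>` and sends back a NUL-terminated policy. The domain `flex.example.com` and the function names are assumptions; port 2222 is the one from the question.

```python
import socket

REQUEST = b"<policy-file-request/>\x00"   # Flash Player's request, NUL-terminated

# Constructed policy: one named origin and one port instead of "*".
# flex.example.com is a placeholder for the host that serves the SWF.
POLICY = (
    b'<?xml version="1.0"?>\n'
    b'<cross-domain-policy>\n'
    b'  <site-control permitted-cross-domain-policies="master-only"/>\n'
    b'  <allow-access-from domain="flex.example.com" to-ports="2222"/>\n'
    b'</cross-domain-policy>\n'
)

def read_request(conn, limit=64):
    """Read until the NUL terminator or `limit` bytes, whichever comes first."""
    buf = b""
    while b"\x00" not in buf and len(buf) < limit:
        chunk = conn.recv(limit - len(buf))
        if not chunk:
            break
        buf += chunk
    return buf

def handle_connection(conn):
    """Answer one policy request; anything else gets no reply. Returns True if served."""
    conn.settimeout(3.0)
    try:
        if read_request(conn) != REQUEST:
            return False
        conn.sendall(POLICY + b"\x00")   # the reply must also end with a NUL byte
        return True
    except OSError:                      # timeout or reset: drop the connection
        return False
    finally:
        conn.close()

def serve(host="0.0.0.0", port=843):
    """Blocking accept loop; 843 is the default policy port and needs privileges to bind."""
    with socket.create_server((host, port)) as srv:
        while True:
            conn, _addr = srv.accept()
            handle_connection(conn)

if __name__ == "__main__":
    serve()
```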
