CROSS DOMAIN POLICY

[TIPLVinay]

Flex 1.5
HI anyone told me why to use the crossdomain policy and where to put the
crossdomain.xml file in an webapplication(Web Server)
is it in WEB-INF/
or in
WEB-INF/Flex/

Thanks in advance!

[ntsiii]

It actaully goes in the very top level of the web site or application.

In my case, I have a flex app at localhost:8080 that needs permission to talk
to an asp.net application on IIS. I had to put the crossdomain file in the
root of the IIS virtual folder.

In a pure J2EE situation, I believe it should go in the first folder under the
server (maybe IN the server folder). The way I figured mine out was to put a
copy in every folder in my app until it worked, then took them out one by one.

Tracy

[TIPLVinay]

Is it required if you are calling a JSP(using HTTPServices) resides in the same web application.?

[ntsiii]

What is the url for the Flex app, and what is the url for the jsp?

[TIPLVinay]

Web Application URL:
[url]http://localhost:8080/FlexSite[/url]

JSP Page URL
[url]http://localhost:8080/FlexSite/JSP/jcookies.jsp[/url]

I have i configured this in the flex-config.xml as

<http-service-proxy>

<proxy-use-policy>always</proxy-use-policy>
<url>{localserver}/flashproxy</url>
<https-url>{localserver}/flashproxy</https-url>

<!-- use proxy specified via flashvars or query parameter
?proxyURL=XXX -->
<!--<allow-url-override>false</allow-url-override>

<allow-lax-ssl>false</allow-lax-ssl>-->

<whitelist>
<!-- whitelist config for unnamed services -->
<unnamed>
<url>http://{localserver}/FlexSite/JSP/jcookie.jsp</url>
</unnamed>

<named>
<service name="CookieSrv">
<url>{localserver}/JSP/jcookie.jsp</url>
<use-custom-authentication>true</use-custom-authentication>
</service>
</named>
</whitelist>
</http-service-proxy>

What it gives error something like this:-
URL not configured in flex whitelist.

I have ckecked it both ways(using named and unnamed but failed:

Is it requires CrossDomain.xml or any other solution for this.

Thanks and Regards

[ntsiii]

You do not need a crossdomain file in this case.

Your problem may be that you have a typo in the flex-config in the whitelist url. cookie vs cookies.

Tracy

[ntsiii]

No you do not need a crossdomain file in this sitation.

Your problem may be the type in flex-config whitelist: check spelling, cookie vs cookies

Tracy

[TIPLVinay]

No url is :
[url]http://localhost:8080/FlexSite/JSP/jcookie.jsp[/url]

plz suggest wht is wrong.

And when we need crossdomain.xml in our flex application.

[ntsiii]

You need a cross domain file when you are not using the flex proxy and your
application (Flex client running in Flash player) requests data from a domain
that is different from the domain that served the flex app swf.

Try using the global permissions setting. Just uncomment it, see if that
fixes things. It is not a good idea to run with this setting in production.

Tracy

[TIPLVinay]

Originally posted by: ntsiii
You need a cross domain file when you are not using the flex proxy and your
application (Flex client running in Flash player) requests data from a domain
that is different from the domain that served the flex app swf.

Try using the global permissions setting. Just uncomment it, see if that
fixes things. It is not a good idea to run with this setting in production.

Tracy

[poonamsheth]

hey if others want to knoe whats cross domain policy,, then i think the whole
problem and solution can be understood

To Create a crossdomain policy file

Your system might be configured to allow a Flex application to
directly access server-side resources on different domains or
different computers without going through a proxy. These operations
fail under the following conditions:

* When the Flex application's SWF file references a URL, and
that URL is outside the exact domain of the SWF file that makes the
request
* When the Flex application's SWF file reference an HTTPS URL,
and the SWF file that makes the request is not served over HTTPS

To make a data service or asset available to SWF files in different
domains or on different machines, use a crossdomain policy file on
the server that hosts the data service or asset. A crossdomain
policy file is an XML file that provides a way for the server to
indicate that its data services and assets are available to SWF
files served from certain domains, or from all domains. Any SWF
file that is served from a domain specified by the server's policy
file is permitted to access a data service or asset from that
server. By default, place the crossdomain.xml at the root directory
of the server that is serving the data.


When a Flash document attempts to access data from another domain,
Flash Player attempts to load a policy file from that domain. If
the domain of the Flash document that is attempting to access the
data is included in the policy file, the data is automatically
accessible.

Policy files function only on servers that communicate over HTTP,
HTTPS,or FTP. The policy file is specific to the port and protocol
of the server where it resides. For example, a policy file located at
[url]https://www.adobe.com:8080/crossdomain.xml[/url] applies only to data
loading calls made to [url]www.adobe.com[/url] over HTTPS at port 8080.

An exception to this rule is the use of an XMLSocket object to
connect to a socket server in another domain. In that case, an
HTTP server running on port 80 in the same domain as the socket
server must provide the policy file for the method call.

The Flash Player ignores any policy file that is served using a
cross-domain redirect. For example, if Flash Player request for
<a target=_blank class=ftalternatingbarlinklarge
href="http://www.mysite.com/crossdomain.xml">[url]http://www.mysite.com/crossdomain.x[/url]
ml</a> redirects to
<a target=_blank class=ftalternatingbarlinklarge
href="http://elsewhere.mysite.com/crossdomain.xml,">[url]http://elsewhere.mysite.com/[/url]
crossdomain.xml,</a> Flash Player
ignores that policy file. Ensure that you do not use cross-domain
redirects to serve policy files. (You can use redirects within the
same domain.)

The default policy file is named crossdomain.xml and resides at the
root directory of the server that is serving the data. You can use the
loadPolicyFile() method to access a nondefault policy file.

In J2EE, web applications can have a different context roots, and you
are not required to deploy any application to the default context
root ("/"). This means that you cannot use a crossdomain.xml file in
the web root without adding at least one web application at the default
context root.

[Unregistered]

Please answer the question asked.
If you are running Tomcat: NO IIS; no Apache webserver.

Nothing going through 80, everything through 8080 (say your developers box).
[[ [localhost] vs [127.0.0.1] ]]

Where on TOMCAT do you place the crossdomain.xml file.
{myhost}:8080/myJavaWar-Context/.....

Surely it does not go in myJavaWar-Context.
The app context is in a directory different than the default webapps. Did not work from there either.

Do you have to have a web server in front of the app server?