Can SWF read from external XML file in Google DFP? - actionscript-3

We created an SWF that reads from an XML file in another server, and everything works fine when it's two "normal" servers (the one with the SWF and the one with the XML file).
But the site we want to publish in uses Google DoubleClick for Publishers (DFP), and it seems that Google DFP doesn't allow the SWF to read from an external source. When they upload it,
Would that make sense?
Thanks.

A SWF can load from an external server if you place a cross domain policy file at the root of the server hosting the subload.
Here's a basic cross domain file you can configure for your own use. Enter your domain or IP where it says "yourdomain.com". Then save the file as crossdomain.xml and upload it to the root of your server.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="yourdomain.com"/>
</cross-domain-policy>
You can enter multiple URLs like so:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="yourdomain1.com"/>
<allow-access-from domain="yourdomain2.com"/>
<allow-access-from domain="yourdomain3.com"/>
</cross-domain-policy>
You can also use a wildcard "*" character to allow any domain:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
You can also use this crossdomain.xml wizard: http://www.crossdomainmaker.com/

Apparently, Google DoubleClick for Publishers (DFP) doesn't allow a swf to read from an external source.

Related

Flash Socket connection from SWF hosted by a browser

I am attempting to use TCP Socket from Flash ActionScript. I am using a standard example provided by Adobe. Here is the code:
// Load policy file from remote server.
Security.loadPolicyFile("http://" + serverURL + "/crossdomain.xml");
// Attempt to connect to remote socket server.
try {
    msg("Trying to connect to " + serverURL + ":" + portNumber + "\n");
    socket.connect(serverURL, portNumber);
} catch (error:Error) {
    /*
        Unable to connect to remote server, display error
        message and close connection.
    */
    msg(error.message + "\n");
    socket.close();
}
My crossdomain.xml file located on port 80:
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd">
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
When I load application, I see in my inspector that it accesses the policy file successfully. However Event.CONNECT is never called. I have tried opening various different ports on various domains including same domain with no luck. Tried different policy files.
What am I missing?
If the allowscriptaccess is false, you won't be able to bypass that, so what you are missing is the Adobe policy server.
http://vvowproject.googlecode.com/svn-history/r41/trunk/server/flashpolicyd.py
On the server open port 843 then use this command
sudo ./flashpolicyd.py --file=crossdomain.xml --port=843
here is the crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
This will definitely work; I tried it myself with your example.
This is what I know from using TCP/IP Sockets and XML. I've set up a Ruby server with a Flash client successfully, but want to know more about chat servers. I hope some of this is helpful.
You need a Daemon with Flash AS3. Here's the documentation.
http://livedocs.adobe.com/flash/9.0/main/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000318.html
To create a socket connection, you must create a server-side application to wait for the socket connection request and send a response to the SWF file. This type of server-side application can be written in a programming language such as Java, Python, or Perl. To use the XMLSocket class, the server computer must run a daemon that understands the protocol used by the XMLSocket class. The protocol is described in the following list:
• XML messages are sent over a full-duplex TCP/IP stream socket connection.
• Each XML message is a complete XML document, terminated by a zero (0) byte.
• An unlimited number of XML messages can be sent and received over a single XMLSocket connection.
Understanding the security changes in Flash Player 10
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes_02.html
XML SECURITY POLICY
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
FLASH CLIENT
Remember to set Publish Settings to Access Network Only.
SERVER
Open a separate port for security policy, and keep it running in the background.
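The policy daemon on port 843 that the answers above refer to, sketched as an added example (it is not flashpolicyd.py and not code from the original posts): it answers Flash Player's `<policy-file-request/>` probe with a policy terminated by a zero byte and then closes the connection. The policy content is constructed; app.example.com and port 1337 are placeholders, and it names one origin and one port rather than `*`.

```python
import socketserver

# Flash Player sends this exact string, terminated by a zero byte.
POLICY_REQUEST = b"<policy-file-request/>\x00"

# Constructed sample policy; app.example.com and 1337 are placeholders.
POLICY = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE cross-domain-policy SYSTEM '
    b'"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">\n'
    b'<cross-domain-policy>\n'
    b'  <site-control permitted-cross-domain-policies="master-only"/>\n'
    b'  <allow-access-from domain="app.example.com" to-ports="1337"/>\n'
    b'</cross-domain-policy>\n'
)

def build_reply(received):
    """Return the policy plus its terminating zero byte, or b"" for any other input."""
    if received == POLICY_REQUEST:
        return POLICY + b"\x00"
    return b""

class PolicyHandler(socketserver.BaseRequestHandler):
    def handle(self):
        self.request.settimeout(3.0)  # do not let idle clients hold a thread
        buf = b""
        try:
            # Read at most one request's worth of bytes, stopping at the zero byte.
            while len(buf) < len(POLICY_REQUEST) and not buf.endswith(b"\x00"):
                chunk = self.request.recv(len(POLICY_REQUEST) - len(buf))
                if not chunk:
                    break
                buf += chunk
        except OSError:
            return
        reply = build_reply(buf)
        if reply:
            self.request.sendall(reply)
        # Returning from handle() closes the connection.

def serve(host="0.0.0.0", port=843):
    # Binding to a port below 1024 normally needs elevated privileges.
    with socketserver.ThreadingTCPServer((host, port), PolicyHandler) as srv:
        srv.serve_forever()

if __name__ == "__main__":
    serve()
```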

My swf file in my web server can not load json file from another server

I have a swf file in the root of my server named MyREOPS.swf. There is also an "index.html" in the root which embeds this swf. MyREOPS.swf on the server loads the link to a json file from an xml, which is also on the same server. Then my swf file loads the json file, using the link it retrieved from the xml. So, here are my questions and problems:
Problems :
When I run the swf on my local pc, it loads this json file from the external domain url without problem, provided that the folder which contains the swf has permission (I gave permission through http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html). However, when I run MyREOPS.swf on the webserver through the browser, I get this error:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://www.3facts-engineering.com/MyREOPS.swf cannot load data from http://api.video.mail.ru/videos/mail/kulukamuluka/1/19.json.
The weird thing is that the swf file was able to read the xml on the web server. I can understand this, because it was actually able to see this link: "http://api.video.mail.ru/videos/mail/kulukamuluka/1/19.json". This was ONLY in that xml.
Aren't swf files downloaded through the browser to the user's pc, then executed? How is it possible for that swf to read the xml on the server? I mean, that is what I would like it to do. But it feels like it is impossible for that swf to reach that xml while it runs on my pc, because the url of the xml in the swf is given as relative, such as "config.xml".
I hope I was able to express myself thoroughly. Thank you in advance.
This is a security feature implemented by the Flash runtime.
Cross-domain policy for Flash movies
For security reasons, a Macromedia Flash movie playing in a web
browser is not allowed to access data that resides outside the exact
web domain from which the SWF originated.
When you run locally, your SWF is executing in Flash Projector; therefore, it operates differently than when embedded from your site.
On the site you wish to connect, create a crossdomain.xml file, as in:
http://example.com/crossdomain.xml
Within that crossdomain.xml, add parameters, such as:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-access-from domain="*" to-ports="80,443"/>
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

Master policy file vs. crossdomain.xml in subdirectories

I have a swf on localhost which tries to read a text file from another server - example.com. The text file is in a subdirectory as follows: example.com/test/example.txt
First, here are the contents of the root and the subdirectory:
www.example.com:
/crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>
/test/crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
/test/example.txt
Now if I explicitly mention in my actionscript as follows:
Security.loadPolicyFile("http://example.com/test/crossdomain.xml");
And then load http://example.com/test/example.txt in the actionscript. Now the first action should be to check the master policy file under root to see if its meta-policy allows the loading of the crossdomain.xml from the test folder. Since the meta-policy here specifies "master-only", I am assuming the policy file specified by Security.loadPolicyFile() will not be loaded. But my question is: after this check, will the master policy file allow the access request for the text file in the test folder because of the policy <allow-access-from domain="*" secure="false" /> specified in the master policy file?
As per the Adobe Crossdomain policy spec,
The swf sees that there is a crossdomain policy specified.
It checks the master policy file to see if the specified policy file is permitted.
Since the specified master policy file is not permitted, it DEFAULTS to load the master policy file and grant permission accordingly.

Security Sandbox Violation, can't connect to Server via Socket

Before I start I should state I have read it all, I was following this, this and this (and more...) and still I cannot connect to our running server via Socket over the internet.
Here is what I try to do in AS3:
var host :String = "192.168.2.11";
Security.allowDomain(host);
Security.allowInsecureDomain(host);
Security.loadPolicyFile("xmlsocket://" + host + ":" + "843");
// TTS server socket
_socket = new Socket();
_socket.addEventListener(Event.CLOSE, handleClose);
_socket.addEventListener(IOErrorEvent.IO_ERROR, handleError);
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleSecError);
_socket.addEventListener(ProgressEvent.SOCKET_DATA, handleIncomingData);
_socket.addEventListener(Event.CONNECT, handleConnect);
_socket.connect(host, 1337);
As you can see, the host is a local address, but that shouldn't matter as long as I am in this local network. And I am, since this does work from my IDE (FD4).
Also, the swf is on the same server as the application it tries to connect to, but on another port.
The policy file the server sends (we have tried both from port 843 and 1337) is the following:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
We can see from the log output of the server that this is really sent to the connecting socket. A null byte is of course sent after the xml data. And after that, the server closes the connection. However, it seems that Flash somehow does not like it, as "Error #2048" still appears after ~3 seconds.
We're really out of ideas here...
We managed to get it to work by including another tag:
<site-control permitted-cross-domain-policies="master-only"/>
It seems that this tag is necessary in order to get it to work. We could not get it to work without that tag, no matter which port we tried.
So the complete xml now looks like this in our case (it is of course easy to modify to fit any case):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
It really is a shame that this line is not included in Adobe's own example (!!). I mean, it IS included in the example files, but not in the article. I don't want to know how many people were stuck at this stage because of that...

Error Handling issues

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation:
I don't get this error on my local host but I do when I upload it to my server. How do I properly fix this in Flash CS4?
Check where you are pointing to for any external assets or data. More than likely you need a crossdomain.xml file that will say that it is okay for your server to access the data. To be clear, you need the crossdomain file where the assets are that you are pulling.
More information here: http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html
An example of a wide open crossdomain.xml file:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
You can specify a domain where the * is and list multiple allow-access-from nodes. You can also specify all subdomains on a domain by saying *.mydomain.com
To be clear, you do not want to go to production with the wide open example I have given, but it is something you can use to test out and make sure this is your problem. Once you verify this then you can restrict it to the appropriate levels.
Basically though you just create a file called crossdomain.xml and put this xml in it.
Make sure it is placed at the root of the server that the data or assets are being pulled from.
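A check for the wide-open settings discussed above, written as an added example (not part of the original answers): it parses a crossdomain.xml and lists the grants that should be narrowed before production. The first sample is the policy quoted earlier on this page; the second is constructed, and www.example.com is a placeholder.

```python
import xml.etree.ElementTree as ET

def audit_policy(xml_text):
    """Return a list of findings for one crossdomain.xml document."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return ["root element is not <cross-domain-policy>"]
    findings = []
    site = root.find("site-control")
    if site is not None and site.get("permitted-cross-domain-policies") == "all":
        findings.append('meta-policy "all": any policy file on this host may grant access')
    for el in root.findall("allow-access-from"):
        domain = el.get("domain", "")
        if domain == "*":
            findings.append('allow-access-from domain="*": every origin is granted access')
        elif domain.startswith("*."):
            findings.append("wildcard subdomain grant: " + domain)
        if el.get("secure", "true").lower() == "false":
            findings.append('secure="false" on "%s": HTTP-served SWFs may read HTTPS data' % domain)
        if el.get("to-ports") == "*":
            findings.append('to-ports="*" on "%s": every socket port is reachable' % domain)
    for el in root.findall("allow-http-request-headers-from"):
        if el.get("domain") == "*" and el.get("headers") == "*":
            findings.append("any origin may send any custom request header")
    return findings

# Policy quoted earlier on this page (site-control "all", wildcard grants).
WIDE_OPEN = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-access-from domain="*" to-ports="80,443"/>
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>"""

# Constructed sample: one named origin; www.example.com is a placeholder.
RESTRICTED = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="www.example.com"/>
</cross-domain-policy>"""

if __name__ == "__main__":
    for name, doc in (("WIDE_OPEN", WIDE_OPEN), ("RESTRICTED", RESTRICTED)):
        print(name, audit_policy(doc) or "no findings")
```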