Flash Socket connection from SWF hosted by a browser - actionscript-3

I am attempting to use TCP Socket from Flash ActionScript. I am using a standard example provided by Adobe. Here is the code:
// Load policy file from remote server.
Security.loadPolicyFile("http://" + serverURL + "/crossdomain.xml");
// Attempt to connect to remote socket server.
try {
msg("Trying to connect to " + serverURL + ":" + portNumber + "\n");
socket.connect(serverURL, portNumber);
} catch (error:Error) {
/*
Unable to connect to remote server, display error
message and close connection.
*/
msg(error.message + "\n");
socket.close();
}
My crossdomain.xml file located on port 80:
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFileSocket.xsd">
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
When I load application, I see in my inspector that it accesses the policy file successfully. However Event.CONNECT is never called. I have tried opening various different ports on various domains including same domain with no luck. Tried different policy files.
What am I missing?

If the allowscriptaccess is false you won't be able to bypass that so what you are missing is the adobe policy server.
http://vvowproject.googlecode.com/svn-history/r41/trunk/server/flashpolicyd.py
On the server open port 843 then use this command
sudo ./flashpolicyd.py --file=crossdomain.xml --port=843
here is the crossdomain.xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
This will definitely work, i tried it myself with your example.

This is what I know from using TCP/IP Sockets and XML. I've set up a Ruby server with a Flash client successfully, but want to know more about chat servers. I hope some of this is helpful.
You need a Daemon with Flash AS3. Here's the documentation.
http://livedocs.adobe.com/flash/9.0/main/wwhelp/wwhimpl/common/html/wwhelp.htm?context=LiveDocs_Parts&file=00000318.html
alt text http://www.ashcraftband.com/myspace/videodnd/daemonLil.jpg
To create a socket connection, you must create a server-side application to wait for the socket connection request and send a response to the SWF file. This type of server-side application can be written in a programming language such as Java, Python, or Perl. To use the XMLSocket class, the server computer must run a daemon that understands the protocol used by the XMLSocket class. The protocol is described in the following list:
• XML messages are sent over a full-duplex TCP/IP stream socket connection.
• Each XML message is a complete XML document, terminated by a zero (0) byte.
• An unlimited number of XML messages can be sent and received over a single XMLSocket connection.
Understanding the security changes in Flash Player 10
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes_02.html
XML SECURITY POLICY
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>
FLASH CLIENT
Remember to set Publish Settings to Access Network Only.
SERVER
Open a separate port for security policy, and keep it running in the background.

Related

AS3 Security error #2048 socket connection

I'm working in a company which creates a huge strategy game with ActionScript3.
I'm one of the developers here and have some issues with Socket Connections.
Socket works perfect when I use it in internal flash player or in firefox debug, it shows socket error #2048 when I'm trying to open the project with Google Chrome.
Here is the code which I use at first before trying to make a Socket Connection.
Security.allowDomain("*");
Security.allowInsecureDomain("*");
Security.loadPolicyFile("mydomain.com/crossdomain.xml");
And here is the content of crossdomain.xml file.
<cross-domain-policy>
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="100-60000" secure="false"/>
</cross-domain-policy>
Then the connect function works to make a Socket Connection with server.
instance.host = host;
instance.port = port;
socket = new Socket(host, port); //Initializing the socket
Is there any problems with Server or the problem caused by Chrome?
If you had the same issue and found something useful please answer to this question.
I'm searching a solution for a few days, but nothing works.
If you are trying to launch this swf file from localhost, which is the usual case when debugging, you can add your swf's path to flash player's trusted locations.
This procedure is written here.
Also try with this simpler cross domain file.
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

403 Forbidden only when accessing via IP

I'm having a really strange issue. I'm embedding a video player via an object tag. If I go to the page via the server url (ex. 127.0.0.1/stream.html rather than localhost/stream.html), the page does load, but stays at a white screen. Using the web developer tool in FireFox, the console shows a 403: Forbidden Error when grabbing the SWF player. When I use the hostname, there is no issue.
Do you have a cross-domain.xml set in your development environment? Meaning is the SWF player hard-coded to embed from localhost/path/to/player.swf, so it would load from the same hostname of localhost but chokes with 127.0.0.1. Read more on this site.
You could attempt to fix this by setting this file at the root of your localhost document root in a file name cross-domain.xml:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

My swf file in my web server can not load json file from another server

I have a swf file in the root of my server named MyREOPS.swf . And there is "index.html" in the root which embeds this swf. MyREOPS.swf in the server loads the link a json file from an xml, which is also in the same server. Then my swf file, loads the json file, using this link it retrieved from the xml. So, here is my questions and problems :
Problems :
When I run swf in my local pc, it loads this json file from external domain url without problem, provided that the folder which contains the swf has permission ( I gave permission through http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html ). However, when I run the MyREOPS.swf in the webserver through browser, i get this error :
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://www.3facts-engineering.com/MyREOPS.swf cannot load data from http://api.video.mail.ru/videos/mail/kulukamuluka/1/19.json.
Weird thing is the swf file was able to read the xml in the web server. I can understand this ,because it was actually able to see this link : "http://api.video.mail.ru/videos/mail/kulukamuluka/1/19.json". This was ONLY in that xml.
Aren't swf files, downloaded through browser to user's pc, then executed ? How is it possible for that swf to read the xml in the server. I mean that is what I would like it to do. But it feels like it is impossible for that swf to reach that xml while it run in my pc, because the url of xml in swf is given as relative such as "config.xml" .
I hope I was able to express myself throughly. Thank you in advance.
This is a security feature implemented by the Flash runtime.
Cross-domain policy for Flash movies
For security reasons, a Macromedia Flash movie playing in a web
browser is not allowed to access data that resides outside the exact
web domain from which the SWF originated.
When you run locally, your SWF is executing in Flash Projector; therefore, operates differently than when embedded from your site.
On the site you wish to connect, create a crossdomain.xml file, as in:
http://example.com/crossdomain.xml
Within that crossdomain.xml, add parameters, such as:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
<allow-access-from domain="*" to-ports="80,443"/>
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

Connecting to TCP server from flash socket on local environment

I have made a swf file for distribution version to clients to use on their computer.
and I have a TCP server connected from that swf file.
before testing it, I have read some articles related to policy file on adobe website
I tried to test that, and have used the nodejs and swf file for that
but I failed. here is how it looks like.
crossdomain.xml on root
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="3000" />
</cross-domain-policy>
tcp_server.js
var sys = require("sys"),
net = require("net");
var server = net.createServer(function(stream) {
stream.addListener("connect", function() {
sys.puts("Client connected");
stream.write("hello\r\n");
});
stream.addListener("data", function(data) {
sys.puts("Received from client: " + data);
stream.write(data);
});
stream.addListener("end", function() {
sys.puts("Client disconnected");
stream.write("goodbye\r\n");
stream.end();
});
});
server.listen(3000, "localhost");
swf file on local
import flash.net.Socket;
var socket:Socket = new Socket();
trace(socket);
trace("a socket is created");
socket.connect("localhost", 3000);
It seems like a long code, anyway
I tested it, and got this error
for wrong code, the policy file at xmlsocket://localhost:843 will be ignored
I can't find what is wrong with my code,
If you know that, Please let me know
Thanks for who reads this question
Have a nice day.
Flash Player checks for a policy file server (port 843 by default), or if necessary, on the socket you're opening (for you, port 3000).
A policy file server is a socket which responds to a with a valid policy file. What's happening with your message is likely that it's sending its request and getting something other than a policy file back, hence invalid syntax from port 3000.
Programming socket to return your crossdomain.xml file over the socket when it got a <policy-file-request/> message.
more http://www.adobe.com/devnet/flashplayer/articles/socket_policy_files.html

Security Sandbox Violation, can't connect to Server via Socket

Before I start I should state I have read it all, I was following this, this and this (and more...) and still I cannot connect to our running server via Socket over the internet.
Here is what I try to in AS3:
var host :String = "192.168.2.11";
Security.allowDomain(host);
Security.allowInsecureDomain(host);
Security.loadPolicyFile("xmlsocket://" + host + ":" + "843");
// TTS server socket
_socket = new Socket();
_socket.addEventListener(Event.CLOSE, handleClose);
_socket.addEventListener(IOErrorEvent.IO_ERROR, handleError);
_socket.addEventListener(SecurityErrorEvent.SECURITY_ERROR, handleSecError);
_socket.addEventListener(ProgressEvent.SOCKET_DATA, handleIncomingData);
_socket.addEventListener(Event.CONNECT, handleConnect);
_socket.connect(host, 1337);
As you can see, the host is a local address, but that shouldn't matter as long as I am in this local network. And I am, since this does work from my IDE (FD4).
Also, the swf is on the same server as the application it tries to connect to, but on another port.
The policy file the server sends (we have tried both from port 843 and 1337) is the following:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>
We can see from the log output of the server that this is really sent to the connecting socket. A null byte is of course sent after the xml data. And after that, the server closes the connection. However, it seems that Flash somehow does not like it, as "Error #2048" still appears after ~3 seconds.
We're really out of ideas here...
We managed to get it to work by including another tag:
<site-control permitted-cross-domain-policies="master-only"/>
It seems that this tag is necessary in order to get it to work. We could not get it to work without that tag, no matter which port we tried.
So the complete xml now looks like this in our case (it is of course easy to modify to fit any case):
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
It really is a shame that this line is not included in Adobe's own example (!!). I mean, it IS included in the example files, but not in the article. I don't want to know how many people were stuck at this stage because of that...