
Re: [Flash Operator Panel] Flash operator panel over SSL [solved]


  • From: Amruth Laxman <laxmans@xxxxxxxxxxxxx>
  • Date: Fri, 14 Mar 2008 00:19:32 -0400
  • Mailing-list: contact operator_panel-help@lists.house.com.ar; run by ezmlm

Thanks for the suggestion - I tried creating the crossdomain.xml file and the flash player does accept it, but it still looks for the file via http and not https.

I turned on the flash player logging function, and I was able to trace this behavior to the requirement for 'socket policy files' in Adobe flash 9,0,115,0 and later. With these versions, each time a socket is opened, the flash player now looks for a socket policy file on port 843. If this fails, it tries the socket port being connected to (4445 for FOP). If this also fails, it seems to fall back on looking for crossdomain.xml. Further documentation on this can be found on the Adobe website.

Since the socket policy file cannot be served by a web-server (!!), I modified the FOP op_server.pl to serve this file. My changes are pasted below.

The change assumes that web_hostname is set either in the AMP config file or in op_server.cfg, and uses this as the domain for which connections are allowed. The policy request from the flash player is detected by the "<policy-file-request" string. As a further quirk, the connection must be closed after sending the XML policy file, otherwise the flash player times out, hence the call to clean_socket().

I'm not very familiar with the intricacies of the FOP script, so I would appreciate any feedback on this change.

-Amruth


--- op_server.save.pl 2008-03-12 22:40:35.000000000 -0400 +++ op_server.pl 2008-03-13 23:52:00.000000000 -0400 @@ -274,6 +274,13 @@ my %b2a = reverse %a2b; my $rand_byte_already_called = 0;

+my $policy_file =
+'<?xml version="1.0"?>'.
+'<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd";>'.
+'<cross-domain-policy>'.
+ '<allow-access-from domain="%s" to-ports="4445" />'.
+'</cross-domain-policy>';
+
$SIG{PIPE} = 'IGNORE';
$SIG{ALRM} = 'alarma_al_minuto';
$SIG{INT} = 'close_all';
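Review bot: The policy template hard-codes to-ports="4445" while the domain is a %s placeholder, so if the panel's listening port is ever configured to something else the policy will advertise the wrong port; take the port from the same setting the listener uses and fill it in through a second placeholder. The DOCTYPE line as posted ends in cross-domain-policy.dtd";> and the ; before > makes the declaration malformed if it is really in the file rather than added by the archive, so check the source and drop it.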
@@ -5974,6 +5981,12 @@
send_eventmask($C);
send_initial_status($C);
}
+ elsif ( $bloque_final =~ /<policy-file-request/) {
+ # send xml policy file
+ my $pol = sprintf($policy_file,$web_hostname);
+ syswrite( $C, $pol, length($pol));
+ clean_socket($C);
+ }
else {
log_debug( "$heading No 'Event' nor 'End'. Erasing block...", 32 ) if DEBUG;
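Review bot: In the new elsif branch, $web_hostname is passed to sprintf with no check that it is defined and looks like a hostname; an unset value produces domain="" and a value containing a quote breaks the XML, so validate it once at startup and skip the reply (with a log_debug line) when it is missing. The match /<policy-file-request/ is unanchored, so any block that merely contains that string gets the policy and has its socket closed by clean_socket($C); anchor it with ^ if the request always arrives at the start of a block. The return value of syswrite is ignored, so a short write would send a truncated policy before the socket is closed.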




Richard Lyman wrote:
From your statement, that means you haven't created the crossdomain.xml file. (which would probably be found, prior to falling back to http to look for it)

You really need to find *why* flash feels you are going crossdomain and needs to toss up security. (the fact you are, as you say 'embedded' in freepbx would be a good reason)

I would create the file with *.your.domain (as a quick test only) to see if it will find/allow it under https, then trim back fit. (then you will have more time to find the real reason)

laxmans@xxxxxxxxxxxxx wrote:
Hi,
Thanks for the response - I understand that the crossdomain.xml file may need to be modified. However, the problem I have is that the flash player requests the crossdomain file itself via HTTP instead of HTTPS. Consequently, even if I create such a file, there is no way for the flash player to get it unless I also enable HTTP access to my webserver.
What I would like is for a way to instruct the flash player to use https to get the crossdomain file. I suspect this is a configuration issue, or a quirk in the way that security is being configured in the flash operator swf.
-Amruth


    -------------- Original message from "Carlos Cruz" <carlos@xxxxxxxxxxxxxxxxx>: --------------

> Just a small clarification as you might already know this, the crossdomain
> file is related to the flash player, and is used to allow the flash player
> to run flash/SWF movie clips apps what ever you want to call them from a
> different domain than from where the original file was called.
>
> I have no experience running flash via HTTPS, but the flash player might
> need to have your HTTPS domain in this crossdomain file.
>
> Carlos
>
> -----Original Message-----
> From: Amruth Laxman [mailto:laxmans@xxxxxxxxxxxxx]
> Sent: Tuesday, March 11, 2008 11:29 PM
> To: operator_panel@xxxxxxxxxxxxxxxxxx
> Subject: [Flash Operator Panel] Flash operator panel over SSL
>
> Hi,
>
> I'm trying to get FOP working with HTTPS exclusively. I have everything
> configured and the operator panel works fine as long as I also leave
> regular HTTP enabled. If I disable HTTP in my firewall, the flash page
> gets stuck while loading.
>
> A trace of the http requests when HTTP is enabled, shows that the flash
> player is trying to load crossdomain.xml via HTTP instead of HTTPS (even
> though the flash file is being served over HTTPS). This seems
> unnecessary, since the file is not present, and the flash player seems
> to go ahead with the playback despite the missing file.
>
> Does anyone know of a way to disable the fetch of crossdomain.xml, or
> alternately, is there a way to instruct the flash player to use https?
>
> I'm running the following versions of software:
> - FOP v.26
> - Embedded in FreePBX 2.2.1 (2.4 also seems to behave the same)
> - Apache 2.0.52
>
> -Amruth




Flash Operator Panel Mailing List

To unsubscribe send an empty message to:
  <operator_panel-unsubscribe@xxxxxxxxxxxxxxxxxx>
To get help send an empty message to:
  <operator_panel-help@xxxxxxxxxxxxxxxxxx>
The archives can be found at:
  http://www.asternic.org/archives/maillist.html
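
The socket policy exchange described in the message above (request recognised by "<policy-file-request", XML reply, then close), shown from both sides as an added Python example that is not part of the original post or of FOP. The function names, the hostname rule and pbx.example.com are constructed for illustration; the trailing NUL byte on request and reply follows Adobe's socket policy protocol and is not stated in the post.

```python
import re
import socket
from xml.sax.saxutils import quoteattr

POLICY_REQUEST = b"<policy-file-request"  # the marker the post matches on
# Constructed rule: plain DNS labels only, so no wildcard and no XML metacharacters.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
HOSTNAME_RE = re.compile(rf"{LABEL}(?:\.{LABEL})*")


def build_policy(domain: str, port: int) -> bytes:
    """Return a socket policy that lets one domain reach one port."""
    if len(domain) > 253 or not HOSTNAME_RE.fullmatch(domain):
        raise ValueError(f"refusing to publish a policy for {domain!r}")
    if not 1 <= port <= 65535:
        raise ValueError(f"invalid port {port!r}")
    xml = ('<?xml version="1.0"?><cross-domain-policy>'
           f'<allow-access-from domain={quoteattr(domain)} to-ports="{port}" />'
           '</cross-domain-policy>')
    # Flash Player expects the reply to end with a NUL byte (not stated in the post).
    return xml.encode("ascii") + b"\0"


def answer_policy_request(conn, first_block: bytes, domain: str, port: int) -> bool:
    """Send the policy and close the socket; return False for any other traffic."""
    if not first_block.startswith(POLICY_REQUEST):
        return False
    try:
        conn.sendall(build_policy(domain, port))
    finally:
        conn.close()  # the post notes the player times out unless the server closes
    return True


def demo():
    """Both sides of the exchange over a local socket pair (constructed input)."""
    server, client = socket.socketpair()
    client.sendall(b"<policy-file-request/>\0")
    handled = answer_policy_request(server, server.recv(64), "pbx.example.com", 4445)
    reply = b""
    while chunk := client.recv(4096):
        reply += chunk
    client.close()
    return handled, reply


if __name__ == "__main__":
    print(demo())
```

An unset or wildcard hostname raises ValueError instead of producing a policy, and the socket is still closed in that case.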



