XIFF Hemlock security issue


m44s

Sep 11, 2009, 1:52:12 PM
to Hemlock
Hello,
I've been beating my forehead for a while on this one.
When used with XIFF, a security violation case appears.
Here is the error I'm getting:

401 not-authorized

ejabberd log:

=ERROR REPORT==== 2009-09-10 20:35:22 ===
{xmlrpc_http,153,
{mod_xmlrpc,handler,
{'EXIT',
{function_clause,
[{mysql,get_result_reason,
[[70,97,105,108,101,100,32,115,101,110,100,105,110,103,
32,100,97,116,97,32,111,110,32,115,111,99,107,101,116,
32,58,32,"closed"]]},
{mod_chat_restrict,get_result,1},
{mod_chat_restrict,check_is_paused,1},
{mod_xmlrpc,handler,2},
{xmlrpc_http,eval_payload,6},
{tcp_serv,start_session,3},
{proc_lib,init_p_do_apply,3}]}}}}

=ERROR REPORT==== 2009-09-10 20:35:22 ===
{xmlrpc_http,153,
{mod_xmlrpc,handler,
{'EXIT',
{function_clause,
[{mysql,get_result_reason,
[[70,97,105,108,101,100,32,115,101,110,100,105,110,103,
32,100,97,116,97,32,111,110,32,115,111,99,107,101,116,
32,58,32,"closed"]]},
{mod_chat_restrict,get_result,1},
{mod_chat_restrict,get_chat_timer,1},
{mod_xmlrpc,handler,2},
{xmlrpc_http,eval_payload,6},
{tcp_serv,start_session,3},
{proc_lib,init_p_do_apply,3}]}}}}

and the XIFF GUI shows:

>>outgoing: <?xml version="1.0"?><stream:stream to="app-dev.amcluster.com" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" />
XIFFErrorEvent onXIFFError: type:auth message:Not Authorized

The .pl script from Hemlock works fine and shows:

Connection from <IP>
Valid request received
Sent policy file

And here is the Flash log:

1
Warning: Found secure='true' in policy file from xmlsocket://app-dev.amcluster.com:843,
but host app-dev.amcluster.com does not appear to refer to the local
machine. This may be insecure. See http://www.adobe.com/go/strict_policy_files
for details.
there was a security error of type: securityError
Error: Error #2048: Security sandbox violation:
http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
cannot load data from app-dev.amcluster.com:5222.


I use ejabberd 2.0.4, Flash Player 10 dev, XIFF beta 2, Flex 3.

Thank you for your assistance )
Denys

Lance Carlson

Sep 11, 2009, 1:57:00 PM
to hem...@googlegroups.com
There are several things to look for.

Do you have that process running that serves the policy files?
Are you using the Bosh Connection with XIFF?

Also can you send me the response XML?

The security error can happen when ejabberd disconnects after it fails
to connect. Also, I would consider using OpenFire if this is a time
sensitive project. I prefer ejabberd, but OpenFire is certainly easier
to set up, and XMPPSocketConnection has issues with ejabberd because it
doesn't send the XMPP stanzas correctly.


m44s

Sep 11, 2009, 2:21:11 PM
to Hemlock
Hello Lance.
Thank you for the reply.
I connect with sockets on 5222, not BOSH.
flashpolicyd.pl is running well.
Where could I find the response XML?
All the Flash client shows is the outgoing one.
ejabberd, unfortunately, is my only option.
Thank you, Lance.

m44s

Sep 11, 2009, 2:22:26 PM
to Hemlock
Would you recommend using BOSH instead?


Lance Carlson

Sep 11, 2009, 2:31:24 PM
to hem...@googlegroups.com
Yes, use BOSH. Also try changing the username to user@localhost

m44s

Sep 11, 2009, 2:50:46 PM
to Hemlock
Use of BOSH with any combination of user, user@server, localhost, or the
real server name all give

XIFFErrorEvent onXIFFError: type:null message:HTTP Error

and code NaN HTTP Error

Still clueless )
Any advice?

Lance Carlson

Sep 11, 2009, 3:09:59 PM
to hem...@googlegroups.com
Have a look at this post. You can safely ignore the nginx stuff, etc.

http://keoko.net/2009/02/experiences-with-ejabberd-and-flash-iii/

Lance Carlson

Sep 11, 2009, 3:11:05 PM
to hem...@googlegroups.com
FYI XMPPSocketConnections are possible but XIFF is messed up. It
needs to send a second <stream> stanza after it authenticates and it
does not. This works on OpenFire too. Have a look at what the Jabber
client Psi spits out in the XML Console to get a better idea.

m44s

Sep 14, 2009, 4:13:45 PM
to Hemlock
Thanks, I've been there a while ago.
Now trying a BOSH connection instead, but still no success:

>>incoming: <?xml version='1.0'?><stream:stream from="ashleymadison.com" version="1.0" xmlns="jabber:client" xmlns:stream="http://etherx.jabber.org/streams" id="none"><stream:error><xml-not-well-formed xmlns="urn:ietf:params:xml:ns:xmpp-streams" /></stream:error></stream:stream>

It looks to me like the connection is getting closed prematurely, right after
it receives all the logging data, and I can't figure out where it happens.
This is endless )))



Lance Carlson

Sep 14, 2009, 4:40:16 PM
to hem...@googlegroups.com
Can you trace the outgoing stream as well? The event is called
OutgoingDataEvent. If you just listen to that event on the connection
you should be able to see what XIFF is sending to the server. The
security errors often occur when the connection has closed and XIFF
tries to send data to the connection afterwards. Kind of a weird error
to show IMO when sending data to a closed connection.. but oh well.

m44s

Sep 14, 2009, 4:52:23 PM
to Hemlock
I'm not sure if I can.
My only reference from the other side is ejabberd log, and this is
what it shows:

{tcp_serv,start_session,3},
{proc_lib,init_p_do_apply,3}]}}}}

=ERROR REPORT==== 2009-09-14 10:29:43 ===
E(<0.35.0>:gen_mod:73) : {undef,
[{mod_http_poll,start,
["ashleymadison.com",[]]},
{gen_mod,start_module,3},
{lists,foreach,2},
{ejabberd_app,start,2},
{application_master,start_it_old,4}]}


The Flash log is showing that the policy has been ignored, for some reason,
and I can't figure out why:

1
<body rid="786953" hold="2" ver="1.6" xmlns="http://jabber.org/protocol/httpbind" secure="false" wait="10" />
Warning: Failed to load policy file from http://localhost:5222/crossdomain.xml
*** Security Sandbox Violation ***
Connection to http://localhost:5222/http-bind/ halted - not permitted
from http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
Error: Request for resource at http://localhost:5222/http-bind/ by
requestor from http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
is denied due to lack of policy file permissions.
<body rid="786954" hold="2" ver="1.6" xmlns="http://jabber.org/protocol/httpbind" secure="false" wait="10" />
Error: [strict] Ignoring policy file at http://app-dev:5222/crossdomain.xml
due to missing Content-Type. See http://www.adobe.com/go/strict_policy_files
to fix this problem.
*** Security Sandbox Violation ***
Connection to http://app-dev:5222/http-bind/ halted - not permitted
from http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
Error: Request for resource at http://app-dev:5222/http-bind/ by
requestor from http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
is denied due to lack of policy file permissions.


Here is my crossdomain.xml:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*" to-ports="843,5222,5280"/>
</cross-domain-policy>

I'm reading up on the crossdomain.xml changes. This is where Adobe drove me
bananas.

Lance Carlson

Sep 14, 2009, 4:59:01 PM
to hem...@googlegroups.com
No, I'm saying on the flash client, add an event listener to the XIFF
connection you established and listen for the OutgoingDataEvent. This
*will* let you see the data going out to the ejabberd server FROM your
flash client.

m44s

Sep 15, 2009, 1:58:27 PM
to Hemlock
Hello Lance,
It gives nothing back. Nothing at all.
What worries me more is that I keep getting:

<body ver="1.6" xmlns="http://jabber.org/protocol/httpbind" hold="2" secure="false" rid="207983" wait="10" />
Warning: Failed to load policy file from http://localhost:5222/crossdomain.xml
*** Security Sandbox Violation ***
Connection to http://localhost:5222/http-bind/ halted - not permitted
from http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
Error: Request for resource at http://localhost:5222/http-bind/ by
requestor from http://app-dev.amcluster.com/_pinf_app/amsite_v2/_pinf/structure/private/chat/XIFFGUI.swf
is denied due to lack of policy file permissions.

Which, as it looks, cuts off all the actual connection attempts even
before they appear, as the swf is not accepted for communications.
I changed my crossdomain.xml a good hundred times, and it is still
as useless.



m44s

Sep 15, 2009, 2:39:10 PM
to Hemlock
Besides, I tried to switch back to the socket connection and got this
outgoing message:

>>outgoing: <?xml version="1.0"?><flash:stream to="app-dev.amcluster.com" xmlns="jabber:client" xmlns:flash="http://www.jabber.com/streams/flash" version="1.0">

But nothing on BOSH.
Thank you )



Lance Carlson

Sep 15, 2009, 5:07:54 PM
to hem...@googlegroups.com
Did you figure out the problem? Are you also running that perl process
or whatever that is recommended to serve up the policy files?

http://github.com/mintdigital/hemlock/blob/master/script/flashpolicyd.pl

m44s

Sep 16, 2009, 9:33:05 AM
to Hemlock
Yes, I run it every time.
With BOSH it rarely shows that the policy has been sent to the swf, which
happens with the socket connection in a far more stable fashion.
Still clueless why the policy stops the Flash movie from connecting.


m44s

Sep 16, 2009, 2:07:56 PM
to Hemlock
Found a funny thing:
The Flash log shows that the swf tries to access <domain>:5222/crossdomain.xml
instead of <domain>/crossdomain.xml,
which is really strange, as I even hardcoded it into ChatManager.as.
So the real location <domain>/crossdomain.xml looks like this:

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="app-dev" to-ports="80,843,5222,5223,5280"/>
<allow-access-from domain="app-dev.amcluster.com" to-ports="80,843,5222,5223,5280"/>
</cross-domain-policy>

whereas, when somehow redirected to <domain>:5222/crossdomain.xml, it
looks like this:

<stream:stream id="none" from="ashleymadison.com" version="1.0">
<stream:error>
<xml-not-well-formed/>
</stream:error>
</stream:stream>

The most annoying part is that I can't seem to find where physically
this broken crossdomain.xml is located.
Any guesses?
Thank you




Ron DeVera

Sep 19, 2009, 6:53:33 PM
to hem...@googlegroups.com
On Wed, Sep 16, 2009 at 2:07 PM, m44s <motu...@gmail.com> wrote:
> flash log shows, that swf tries to access <domain>:5222/
> crossdomain.xml, instead of <domain>/crossdomain.xml

This happens because Hemlock's XMPPConnection.as (not to be confused
with XIFF's XMPPConnection.as) requests your policy file from a
combination of your domain and your preferred port:

http://github.com/mintdigital/hemlock/blob/development/src/com/mintdigital/hemlock/conn/XMPPConnection.as#L46

As you can see, you can override some parts of this policy request.
Inside your app's `config/environment.as`, you can set values for
`HemlockEnvironment.SERVER` and `HemlockEnvironment.POLICY_PORT`.
Could you please post the contents of your `config/environment.as`
file?

Cheers,
Ron
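As an added example (not Hemlock's, XIFF's or any poster's code), a small Python check that reproduces what the thread's Flash log complains about when the policy is fetched from `<domain>:<port>/crossdomain.xml`: a reply that is not a policy file at all (ejabberd's `<stream:stream>` answer on 5222), a policy served without a usable Content-Type, a policy that does not cover the origin and port, and the wide-open `domain="*"` grant from the first crossdomain.xml. The sample policy and XMPP reply are constructed from the thread's messages; `ACCEPTED_TYPES` is an assumption about Flash's strict mode, not taken from the thread.

```python
import xml.etree.ElementTree as ET

# Content-Types Flash accepts for a policy file in strict mode (assumption: the
# player also accepts other text/* types, which this check does not model).
ACCEPTED_TYPES = ("text/x-cross-domain-policy", "text/xml", "application/xml")

# Constructed samples after the thread: the policy served at <domain>/crossdomain.xml
# and what port 5222 (ejabberd) answered when asked for <domain>:5222/crossdomain.xml.
GOOD_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="app-dev" to-ports="80,843,5222,5223,5280"/>
<allow-access-from domain="app-dev.amcluster.com" to-ports="80,843,5222,5223,5280"/>
</cross-domain-policy>"""
XMPP_REPLY = """<stream:stream xmlns:stream="http://etherx.jabber.org/streams" id="none"
version="1.0"><stream:error><xml-not-well-formed/></stream:error></stream:stream>"""

def _domain_matches(pattern, host):
    """'*' matches any origin; '*.example.com' matches the domain and its subdomains."""
    if pattern.startswith("*."):
        return host == pattern[2:] or host.endswith(pattern[1:])
    return pattern == "*" or host == pattern

def _ports_match(spec, port):
    """to-ports is '*' or a comma list of ports and lo-hi ranges; it is required
    for socket policies, so a missing attribute grants no socket port."""
    for item in (spec or "").split(","):
        lo, _, hi = item.strip().partition("-")
        if lo == "*" or (lo.isdigit() and (hi or lo).isdigit()
                         and int(lo) <= port <= int(hi or lo)):
            return True
    return False

def check_policy(body, content_type, origin_host, port):
    """List why Flash would ignore this response as a policy for origin_host -> :port.
    Empty list: the policy grants the port to that origin and has no wildcard grant."""
    findings = []
    if content_type is None or content_type.split(";")[0].strip() not in ACCEPTED_TYPES:
        findings.append("Content-Type %r is not a policy type; strict mode ignores the file"
                        % content_type)
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        return findings + ["not well-formed XML (%s): port %d is not serving crossdomain.xml"
                           % (exc, port)]
    if root.tag != "cross-domain-policy":
        return findings + ["root element is <%s>, not <cross-domain-policy>: another service "
                           "answered on port %d" % (root.tag, port)]
    granted = False
    for rule in root.iter("allow-access-from"):
        domain, ports = rule.get("domain", ""), rule.get("to-ports")
        if domain == "*":
            findings.append("domain='*' lets any site open ports %r" % ports)
        granted |= _domain_matches(domain, origin_host) and _ports_match(ports, port)
    if not granted:
        findings.append("no allow-access-from entry covers %s -> port %d" % (origin_host, port))
    return findings
```

Feed it the body and Content-Type you get back from the URL Hemlock's XMPPConnection.as actually requests; an empty list means the policy would be honoured for that origin and port.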
