Skip to main content
A
Anonymous
February 21, 2011
Answered

FMS 4 cant secure application with allowedSWFdomains.txt and allowedHTMLdomains.txt

  • February 21, 2011
  • 1 reply
  • 1207 views

Well i created an application called textchat and in its folder I copied the files from live

These


allowedHTMLdomains.txt*  allowedSWFdomains.txt*  main.asc  main.far*

Then I tested ap with * in the two allowd files. It works fine.

When I change the domain from * to mydomain  and restart then it blocks the application from working

on that domain and any other domain. Am I doing this wrong?

I tried putting www.mydomain.com an mydomain.com and neither makes a difference.

Basically I want to block all domains except the ones in the list. I don't understand why this isn't working.

Any  help would be greatly appreciated.

    This topic has been closed for replies.
    Correct answer

    Yes that is what I did exactly.


    I don't have an idea as such that why it is not working for you. Only thing that I can think of now is maybe your server machine does not recognize the domain name, i'e, it is not listed in its table. Also make sure when you are accessing the SWF you are using the domain name and not the IP, i.e, you are accessing swf as http://***.mydomain.com/connect.swf and not with IP or localhost.

    Also have you put mydomain.com in both allowedSWFdomains and allowedHTMLdomains. I know maybe you have all these correct, but just wanted to rule out few things

    1 reply

    A
    Anonymous
    February 22, 2011

    Hi ,

    When you say it is not working how are you trying to connect to the application. Have you accessed the SWF over HTTP or HTTPS. Please see their is a comment in the file AllowedSWFDomains.txt statung 'Applicable only for cases when SWF is accessed through http/https uri. Try hosting your client swf in the domain which you have added in your allow list (mydomain.com) and then try connection. This should work

    Thanks,

    Abhishek

    A
    Anonymous
    February 22, 2011

    I am accessing it from puting the files on a web server. Pulling up the web page on the domain. So http is the

    way I am connecting. It works ok until I remove the * and put in the domain then it stops working.

    I did find a solution I don't like it much but I grab the clien.referrer in the main.asc file and using some manipulation

    I get just the domain from that and close the connection based on not finding any of the domains I allow.


    It would be easier if the allowd* files worked. they work in the live application.

    Sucks to pay so much and not be able to use the built in features.

    A
    Anonymous
    February 22, 2011

    Hi,

    I just tried on my end by putting mydomain.com in allowedSWFDomains.txt and I hosted my SWF on stage.mydomain.com and I could see connection going through. Can you tell if you are doing something different from this?

    Thanks,

    Abhishek

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices