Forum QuickConnect Captcha failing due to cross domain error

Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

Captcha failing due to cross domain error

Postby robertflesch » March 12th, 2015, 8:35 pm

When I deployed my app out into the real world for testing, I ran into this when trying to load the captcha used in creating new accounts. My app is running off my own server. So it has to go cross domain when getting captcha.

SecurityError: Error #2122: Security sandbox violation: LoaderInfo.content: http://mywebsite.com/mygame.swf cannot access https://content.playerio.com/getcaptcha ... 00cm2ACxiQ. A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.

I am loading this when I initialize my app.
Security.loadPolicyFile( "http://cdn.playerio.com/crossdomain.xml" );
Security.allowDomain( "*" );
and in the params I am specifying
allowScriptAccess: "always"

Suggestions?
I have been reading about checkPolicyFile for last few hours with no luck at all.

thanks for reading it
bob
robertflesch
Paid Member
 
Posts: 136
Joined: April 22nd, 2013, 9:18 pm

Re: Captcha failing due to cross domain error

Postby Henrik » March 13th, 2015, 9:37 am

We recently tightened our crossdomain security settings, seems like we tightened them too hard. We'll fix it as soon as possible.
Henrik
.IO
 
Posts: 1822
Joined: January 4th, 2010, 1:53 pm

Re: Captcha failing due to cross domain error

Postby robertflesch » May 14th, 2015, 4:43 pm

So two months later, are they fixed yet?
robertflesch
Paid Member
 
Posts: 136
Joined: April 22nd, 2013, 9:18 pm

Re: Captcha failing due to cross domain error

Postby Henrik » May 14th, 2015, 6:17 pm

Yeah, we fixed this almost two months ago:

https://content.playerio.com/crossdomain.xml

Are you still having issues?
Henrik
.IO
 
Posts: 1822
Joined: January 4th, 2010, 1:53 pm

Re: Captcha failing due to cross domain error

Postby mechanicallyseparatedgames » May 27th, 2015, 7:38 am

Yes. I am having a cross domain error problem trying to load images from GameFS into my Unity web player client, using the WWW class. (It works fine in the Unity editor.)

Unity's documentation (http://docs.unity3d.com/Manual/SecuritySandbox.html) seems to suggest that this may be the problem:
The Unity webplayer does not support the <allow-http-request-headers-from domain> tag.
mechanicallyseparatedgames
 
Posts: 18
Joined: June 18th, 2014, 6:24 am

Re: Captcha failing due to cross domain error

Postby Henrik » May 28th, 2015, 10:30 pm

That Unity page has some steps about debugging, can you try to follow that and get debug output for your game? That would help a lot.

Otherwise the only thing I see is that Unity doesn't support the allow-http-request-headers directive, but that means it should fallback to allow-access-from, right? It can't just fail if the other one is present because it doesn't know how to parse it?
Henrik
.IO
 
Posts: 1822
Joined: January 4th, 2010, 1:53 pm

Re: Captcha failing due to cross domain error

Postby mechanicallyseparatedgames » May 29th, 2015, 7:09 am

I followed the steps and have included the relevant log information below. Although the logs say that the crossdomain policy checks in all cases succeed, the GameFS calls fail.

On closer inspection, I see that multiple domains are being checked in my game and, in fact, achievement icons from https://content.playerio.com are being correctly accepted by the Unity web player. You can see the difference between Achievements images (blue clover) and GameFS images (red question mark with white background) in my game here:

http://i.imgur.com/90bjYXf.png

The difference appears to be that the http://playerio-a.akamaihd.net/crossdomain.xml file doesn't have secure="false" in the <allow-access-from domain="*" to-ports="80,443,911,8184"/> line, while the https://content.playerio.com/crossdomain.xml one does. API calls obviously work and http://api.playerio.com/crossdomain.xml is identical to https://content.playerio.com/crossdomain.xml.

(Unrelated to my problem, but I included it anyway, is the socket connection which from the logs looks like it is open to all ports.)


ACHIEVEMENTS

https://content.playerio.com/crossdomain.xml

<cross-domain-policy>
<allow-access-from domain="*" to-ports="80,443,911,8184" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>

GameFS

http://playerio-a.akamaihd.net/crossdomain.xml

<cross-domain-policy>
<allow-access-from domain="*" to-ports="80,443,911,8184"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>


WHEN YOU MAKE AN API CALL (Success)

About to parse url: http://api.playerio.com/api/412

Determining crossdomain.xml location for request: http://api.playerio.com/api/412

Download had OK statuscode

Received the following crossdomain.xml

----------

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" to-ports="80,443,911,8184" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
</cross-domain-policy>

----------

received policy

Parsing: cross-domain-policy

cross-domain-policy

Parsing: allow-access-from

allow-access-from

domain: *

to-ports: 80,443,911,8184

secure: false

Parsing: allow-http-request-headers-from

allow-http-request-headers-from

domain: *

headers: *

secure: false

done parsing policy

crossdomain.xml was succesfully parsed

About to parse url: http://api.playerio.com/api/412

Checking if http://api.playerio.com/api/412 is a valid domain

Checking request-host: api.playerio.com against valid domain: *


WHEN CONNECTING TO A SOCKET (Success)

About to parse url: http://api.playerio.com/api/27

Checking if http://api.playerio.com/api/27 is a valid domain

Checking request-host: api.playerio.com against valid domain: *

CheckSocketEndpoint called for 98.139.134.89 with port: 80

SocketPolicyClient1: Incoming GetPolicyStreamForIP

SocketPolicyClient1: About to BeginConnect to 98.139.134.89:843

SocketPolicyClient1: About to WaitOne

SocketPolicyClient1: Socket connected

received policy

Parsing: cross-domain-policy

cross-domain-policy

Parsing: allow-access-from

allow-access-from

domain: *

to-ports: *

done parsing policy

CheckSocketENdpoint returns :True


WHEN GETTING AN IMAGE TEXTURE FROM GameFS (Looks like a success but really fails)

About to parse url: http://api.playerio.com/api/85

Checking if http://api.playerio.com/api/85 is a valid domain

Checking request-host: api.playerio.com against valid domain: *

About to parse url: http://playerio-a.akamaihd.net/driedel- ... mplete.png

Determining crossdomain.xml location for request: http://playerio-a.akamaihd.net/driedel- ... mplete.png

Download had OK statuscode

Received the following crossdomain.xml

----------

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" to-ports="80,443,911,8184"/>

<allow-http-request-headers-from domain="*" headers="*" secure="false"/>

</cross-domain-policy>

----------

received policy

Parsing: cross-domain-policy

cross-domain-policy

Parsing: allow-access-from

allow-access-from

domain: *

to-ports: 80,443,911,8184

Parsing: allow-http-request-headers-from

allow-http-request-headers-from

domain: *

headers: *

secure: false

done parsing policy

crossdomain.xml was succesfully parsed

About to parse url: http://playerio-a.akamaihd.net/driedel- ... mplete.png

Checking if http://playerio-a.akamaihd.net/driedel- ... mplete.png is a valid domain

Checking request-host: playerio-a.akamaihd.net against valid domain: *

All requirements met, the request is approved


WHEN GETTING AN IMAGE TEXTURE FROM ACHIEVEMENTS (Success)

About to parse url: https://content.playerio.com/achievemen ... 2107.2.png

Determining crossdomain.xml location for request: https://content.playerio.com/achievemen ... 2107.2.png
About to parse url: https://content.playerio.com/crossdomain.xml

Download had OK statuscode

Received the following crossdomain.xml

----------

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" to-ports="80,443,911,8184" secure="false"/>

<allow-http-request-headers-from domain="*" headers="*" secure="false"/>

</cross-domain-policy>

----------

received policy

Parsing: cross-domain-policy

cross-domain-policy

Parsing: allow-access-from

allow-access-from

domain: *

to-ports: 80,443,911,8184

secure: false

Parsing: allow-http-request-headers-from

allow-http-request-headers-from

domain: *

headers: *

secure: false

done parsing policy

crossdomain.xml was succesfully parsed

About to parse url: https://content.playerio.com/achievemen ... 2107.2.png

Checking if https://content.playerio.com/achievemen ... 2107.2.png is a valid domain

Checking request-host: content.playerio.com against valid domain: *
mechanicallyseparatedgames
 
Posts: 18
Joined: June 18th, 2014, 6:24 am

Re: Captcha failing due to cross domain error

Postby Henrik » June 2nd, 2015, 7:17 pm

Thank you so much for helping us track down this issue. We've updated the origin file that you see through Akamai, it will take a while for the change to be picked up and distributed through the CDN, maybe up to 24 hours, so check back later and you should see the change.
Henrik
.IO
 
Posts: 1822
Joined: January 4th, 2010, 1:53 pm

Re: Captcha failing due to cross domain error

Postby mechanicallyseparatedgames » June 10th, 2015, 5:41 am

Rats. I still have the problem. It'll be a couple weeks before I can look at it again.
mechanicallyseparatedgames
 
Posts: 18
Joined: June 18th, 2014, 6:24 am

Re: Captcha failing due to cross domain error

Postby Henrik » June 10th, 2015, 5:00 pm

The one served out by Akamai has updated for me, are you not seeing the updated crossdomain.xml there? Or is there something else that's causing it to fail?
Henrik
.IO
 
Posts: 1822
Joined: January 4th, 2010, 1:53 pm

Re: Captcha failing due to cross domain error

Postby mechanicallyseparatedgames » June 11th, 2015, 6:21 am

It's something else. The akamai crossdomain.xml file is updated and looks identical to the one at content.playerio.com.

In my game, I load in the textures from GameFS and then later I load in the achievement icons. I think I just copied and pasted one code block to the next, but it was a long time ago, and used to work. I'll need to check if both blocks of code are identical still.
mechanicallyseparatedgames
 
Posts: 18
Joined: June 18th, 2014, 6:24 am

Re: Captcha failing due to cross domain error

Postby mechanicallyseparatedgames » September 5th, 2015, 7:22 am

The problem was with my code. A new version of Unity made my problem more explicit and I was able to fix it.
mechanicallyseparatedgames
 
Posts: 18
Joined: June 18th, 2014, 6:24 am

Re: Captcha failing due to cross domain error

Postby robertflesch » December 4th, 2015, 11:48 pm

The crossdomain.xml works now, but still generates warnings.
I don't like code that generates warnings!

This line of code
Security.loadPolicyFile( "https://content.playerio.com/crossdomain.xml" )
generates this warning

Warning: Domain content.playerio.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

and when I load
Security.loadPolicyFile( "https://content.playerio.com/crossdomain.xml" )

Warning: Ignoring 'secure' attribute in policy file from http://cdn.playerio.com/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.

Warning: Ignoring 'secure' attribute in policy file from http://cdn.playerio.com/crossdomain.xml. The 'secure' attribute is only permitted in HTTPS and socket policy files. See http://www.adobe.com/go/strict_policy_files for details.

Warning: Domain cdn.playerio.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.

This policy was changed by Adobe 6 years ago!
Glad it works, but is asking it to meet the Adobe security settings too much?
robertflesch
Paid Member
 
Posts: 136
Joined: April 22nd, 2013, 9:18 pm


Return to QuickConnect



cron