What to do with network crashes when loading crossdomain.xml policy file?

Question

What to do with network crashes when loading crossdomain.xml policy file?

I track (and log on the server) most of the user errors in our flash game. Quite often, I see security errors associated with trying to make requests for a cross-domain URL (usually the Facebook API). 99% of our players can make these Graph API calls without a problem.

What I think is that the client makes a request but does not load the crossdomain.xml file. I don’t quite understand how AS3 handles this in case of refusal to download the crossdomain policy file ... will it try again for each URLRequest until it succeeds in downloading it, or will it just stay forever? What is the “best practice” in response to such a security error?

I preload the Facebook policy files once, ahead of time, for example:

 // allow images to be loaded from facebook and facebook cdn's. Security.loadPolicyFile( "http://www.facebook.com/crossdomain.xml" ); Security.loadPolicyFile( "https://api.facebook.com/crossdomain.xml" ); Security.loadPolicyFile( "https://graph.facebook.com/crossdomain.xml" ); Security.loadPolicyFile( "http://profile.ak.fbcdn.net/crossdomain.xml" );

then I also checked the policy file again when creating the URLRequest .

+8

security flash actionscript-3 facebook facebook-graph-api

Toxikman Sep 13 '11 at 8:17

source share

2 answers

My tests showed that they are repeated every 10 seconds or so, so I assume that an error message should appear and try again in a few seconds.

0

Jonatan hedborg Oct 3 '11 at 8:15

source share

pcardune · Accepted Answer · 2011-10-31T02:05:51+0000

Here is a solution that works.

Assuming you are using URLLoader to read data from one of the domains that have the crossdomain.xml file, and you call loadPolicyFile to preload the crossdomain.xml, it is possible that the download will fail, either from network connectivity problems or with downstream server or from solar flares. When you configure URLLoader , you can add an event listener for SecurityErrorEvent.SECURITY_ERROR . In an even listener, you can try downloading the policy file again. Policy files are cached even if they don’t load (thanks adobe), so you’ll have to add a cache break request parameter.

Here is a simple example of how this will work:

 public function loadMyFriends():void { var urlLoader:URLLoader = new URLLoader(); urlLoader.addEventListener( SecurityErrorEvent.SECURITY_ERROR, handleSecurityError); urlLoader.load(new URLRequest('https://graph.facebook.com/me/friends')); } private function handleSecurityError(event:Event):void { Security.loadPolicyFile( "https://graph.facebook.com/crossdomain.xml?__cb"=Math.random()); loadMyFriends(); }

In practice, you probably want to limit the number of retries and possibly make an exponential shutdown if this is really a network connection problem, and not just a dead server that is not properly handled by the load balancer.

What to do with network crashes when loading crossdomain.xml policy file?

More articles: