loadPolicyFile help

This policy file stuff isn't a new thing. The same problem exists with Flash, and they're the ones that came up with the policy file idea. The policy file itself is generic. It will work for any web application, so Adobe copied the idea over to Acrobat. Here's a link to the specification.

http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.php


Thom Parker
The source for PDF Scripting Info
[url=http://www.pdfScripting.com]pdfscripting.com[/url]

The Acrobat JavaScript Reference, Use it Early and Often
[url=http://www.adobe.com/devnet/acrobat/]http://www.adobe.com/devnet/acrobat/[/url]

Hi!

Have you got this to work?

Thanks,
Chris

Hi,

No - and it may be me, but I find it very confusing.

I've put the javascript:

app.loadPolicyFile("http://www.my-domain-name.com/flash/pf.xml");

in a document level script in my PDF and have uploaded the file 'pf.xml' to the 'flash' folder where the SWF file I wish to download is stored.

The SWF file was then inserted into the PDF
(set to stream in from: http://www.my-domain-name.com/flash/myfile.swf)

However when the PDF is opened it still pops up the linking to URL security warning!

I've also tried putting the crossdomain.xml file in the root of the server so that Reader can default to it if it can't find the pf.xml file (like it says in the javascript V9 documentation).

On all the searches I've done on the web I've yet to find a complete guide to how to achieve this. Whilst I appreciate the need for security protocols I do wish that Adobe would be less opaque in their documentation - after all, all I'm trying to do is give my end-users a more enjoyable and secure experience with an interactive PDF.

Are you sure the syntax/gramar of the policy file is correct? That is contains the correct entries??

Have you read the crossDomain Policy file reference?

http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.php

and this article

http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.php


Thom Parker
The source for PDF Scripting Info
[url=http://www.pdfScripting.com]pdfscripting.com[/url]

The Acrobat JavaScript Reference, Use it Early and Often
[url=http://www.adobe.com/devnet/acrobat/]http://www.adobe.com/devnet/acrobat/[/url]

Hi Thomp,

Thanks for your help, yes I have read these articles (and lots more) and I thought I knew what needed to be setup - but obviously not. Here is what I've done:


The javascript:

app.loadPolicyFile("http://www.my-domain-name.com/crossdomain.xml");

is set as document level script.


The crossdomain.xml file is in the root of my server space (www.my-domain-name.com) and contains:

<?xml version="1.0"?>The Flash file has actionscript in the first frame, this is:

System.security.allowInsecureDomain("www.'my-domain-name.com");

Obviously the actual domain name is used instead of 'my-domain-name.com

The PDF has 3 pages with streaming Flash inserted on each page set to play on page visible, these Flash files (swf) are in the folder 'flash' on the domain 'www.my-domain-name.com'.

When the PDF opens it pops up the access URL warning followed by the multimedia content trust alert - this happens for the first page. When I open the other pages only the access URL warning pops up.

What I'm trying to achieve is to remove these access URL warnings, I thought I could do this with the app.loadPolicyFile command - is this possible or have I missunderstood this new feature?

All this has been done on Flash 8 and Acrobat Pro 8 and has been tested on Reader 9 on both PC (XP and Vista) and Mac (OSX 10.4).


Synergy.

Well you are correct in thinking the CrossDomain file should remove the warnings. That's what it's for. And it look like you have all the correct bits as well. I havn't done detailed testing in this area so I don't know if you are missing an important detail, but it doesn't look like.

Have you seen a CrossDomain file used successfully in an application like yours? If you can't find one then you may be one of the first to try it out. Ask in the Rich Media forum if anyone has a working model.

If no one has a working model then it's time to contact Adobe support? It could be a bug.

Thom Parker
The source for PDF Scripting Info
[url=http://www.pdfScripting.com]pdfscripting.com[/url]

The Acrobat JavaScript Reference, Use it Early and Often
[url=http://www.adobe.com/devnet/acrobat/]http://www.adobe.com/devnet/acrobat/[/url]

Hi everyone,

I have been playing around with this for a few hours as well and am having the same problems, instead using this.getURL - and still get security popups - looks like it doesn't work, bug?

Hi everyone,

Well - after more messing about I achieved some success when the PDF is viewed in the browser, it still asks for permission to play the Flash content for the first page but then is happy to play more Flash comtent from the same URL on further pages without mention of the URL access or Flash play permission.

However all atempts to duplicate this from a standalone version of Reader (8 or 9) have failed.

The documentation (Enhanced Security in Adobe Acrobat 9 and Adobe Reader 9) a Adobe Technical White Paper - 7 July 2008, states that the use of the wild card (*) in the crossdomain policy file will fix this:


Note 1: The following examples show typical entries that might be used in a
crossdomain.xml file, as shown in Table 1 above:

Note 2: This case of a secure host receiving data from a non-secure host requires the
same statements shown in Note 1 plus the following:

But I still can't get this to work.

Has anyone any more ideas on this topic?


Synergy.

Hi Synergy,

I too had success in a browser (no security warnings at all), although I could also open any url to any domain with/without policy files.

Standalone reader does not work at all, so to me it looks like it is doing nothing at all.

I have tried "allow-access-from-domain domain="*" "

which according to all documentation should simply allow everything, but still no luck.