Flash Policy setup instructions

When you can't connect to a server and the client shows a security sandbox violation message, the server the IRCd is running on does not allow connections from a Flash client.
Due to the socket security policy Adobe introduced with Flash Player 9,0,124 you are forced to have a daemon that delivers a crossdomain.xml to allow establishing a connection.
It is not a restriction of lightIRC, but one of Adobe Flash!

IRC server runs on Linux

Our pick: flashpolicyd

To install a flash policy server on linux you need to do the following:
  • Download our prepared flashpolicyd (based on the flashpolicyd project):
> wget http://www.lightirc.com/release/flashpolicyd.zip
> unzip flashpolicyd.zip
> cd flashpolicyd
> wget https://raw.github.com/ripienaar/flashpolicyd/master/flashpolicyd.rb --no-check-certificate -O flashpolicyd.rb
> chmod a+x flashpolicyd.rb
  • Make sure you have Ruby installed. If you have not, you can maybe install it with one of the following commands depending on your Linux distribution or through compiling the Ruby sources:
> apt-get install ruby
> yum install ruby
  • Start flashpolicyd
    > ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log
    
  • Verify that flashpolicyd is running:
    > tail flashpolicyd.log
    

    If you see this message the flashpolicyd started succesfully:
    "Starting server on port xxx in process xxx"

Possible errors and their solution

It crashes/stalls!

This means you have a old version of flashpolicyd.rb, update it using the following command:

> wget https://raw.github.com/ripienaar/flashpolicyd/master/flashpolicyd.rb --no-check-certificate -O flashpolicyd.rb

It tell me I don't have permission to 'bind'!

If you get this error:

"Can't open server: Errno::EACCES Permission denied - bind(2)"
It means your tried to start the flashpolicyd on a port below 1024, which requires root access. Start the daemon as root (On debian systems you can use the command sudo for this) or use the following command:
> ./flashpolicyd.rb --xml flashpolicy.xml --logfile flashpolicyd.log --port 8002

Your flashpolicyd is now started as a normal user with a different port. You must pass the parameter policyPort (params.policyPort = 8002; in your config.js) to lightIRC.swf when starting flashpolicyd like this!

Other policy daemons

IRC server runs on Windows

We recommend the use of Silverlight and Flash Policy File Server
Download it from the project website, change the listening port in policyserver.exe.config to 843, put the following XML into policyfile.xml and start the application using policyserver.exe.

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only"/>
   <allow-access-from domain="*" to-ports="6667" />
</cross-domain-policy>

Setup instructions for Silverlight and Flash Policy File Server

policyserver.png - Setup instructions for Silverlight and Flash Policy File Server (52.5 KB) Valentin Manthei, 11/24/2010 09:44 am