[WebPlayer] File crossdomain.xml found but still throw Rejected because no crossdomain.xml error

Hi,

We are working on a project our client specifically asked to work on browser which not support webgl.

The html5/webgl version of the app is working, but when we want to use the webplayer version, we find the error:

"Rejected because no crossdomain.xml policy file was found"

We already check the sandbox related page of the documentation, and added the wanted file on our client server.

At the moment we have the confirmation that the file is requested by the application, and successfully return by the server :



We tested several version of the crossdomain version from the one from the documentation :

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="http://www.lagence3d.com/"/>
</cross-domain-policy>

To a more complete based on the adobe crossdomain specifications :

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="http://www.lagence3d.com"/>
<allow-http-request-headers-from domain="http://www.lagence3d.com" headers="*"/>
</cross-domain-policy>

But the error still there...

We really run out of ideas, so any suggestion will be appreciated.

ps: The application is compiled with unity 5.3.1f1 personal
ps2: French user, sorry for the difficulties with english.

 

What application did you use to create your crossdomain.xml file? I've seen this happen many times and it's almost always one of two problems:

1. The file is not UTF-8
2. The file is UTF-8 but has the BOM marker

If you've used a common windows text editor like Notepad and saved as UTF-8, it adds the BOM (Byte Order Mark) to the beginning of the file. It is beyond me why programs accessing crossdomain.xml don't check for the BOM and ignore it... but they don't.

If you're on Windows, install Notepad++ and open your crossdomain.xml file in it. Then go to the Encoding menu and choose "Convert to UTF-8". Make sure you choose that exact one, not the BOM option. Then save and re-upload your crossdomain.xml file and try it again and it should work for you.

 

Thanks for your reply, but it don't seems to be the source of the problem...

I've created three files to be sure using the option convert to utf8, to utf8 without bom and to ansi, but none of them solved the problem

 

Hmm... well, a couple of questions then:

1. Is your crossdomain.xml file on the same site/server that serves your Webplayer game?
2. Is it in the root of that website? It has to be there...
3. Are you sure http://www.lagence3d.com/ is the domain that you're on when you load the webplayer from said site above?

 

Not sure for all, i'll explain all the system :

The website and the bdd are both on our client server. On the website, there is an iframe which show a page on our server starting the application.

On our server, the application (index.php + application.unity3d) are on the folder :

www.lagence3d.com/unity/client/

On the client server, we don't control where's the iframe, but the crossdomain file is on the www folder...

Not sure if it is the root, but the logs in the browser show that the file crossdomain.xml return code 200, so i assume that's the right one.

 

I managed to access the detail log of unity (thanks to the security parameters of the compagny...)

so, when i tried to access the script on the client server i get :


About to parse url: http://www.client_server.com/client_script.php
Determining crossdomain.xml location for request: http://www.client_server.com/client_script.php
About to parse url: http://www.client_server.com/crossdomain.xml
Download had OK statuscode
Received the following crossdomain.xml
----------
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="http://www.lagence3d.com"/>
</cross-domain-policy>
----------
received policy
Parsing: cross-domain-policy
cross-domain-policy
Parsing: allow-access-from
allow-access-from
domain: http://www.lagence3d.com
done parsing policy
crossdomain.xml was succesfully parsed
About to parse url: http://www.client_server.com/client_script.php
Checking if http://www.client_server.com/client_script.php is a valid domain
Checking request-host: bed.ds-consulting-shop.com against valid domain: http://www.lagence3d.com
Rejected because there was no AllowedAcces entry in the crossdomain file allowing this request.
End Connection.


As the problem seems to come of the allowed url, i tried with an * filter and it works (yes, i'm ashamed to not tried that first...)

Now, the question is does somebody know why the initial url's not working ?

 

Because you're setting it up backwards. The Unity app is hosted on your domain... so you need to give access to the client domain (not yours). So the allow-url should be "http://www.client-server.com" instead of lagence3d.com.

 

I see, a big misunderstanding of the tag's name ...

A big thank's for your help !!!

 

Think of it as "A" giving permission to "B". Your WebPlayer game exists on "A"... now site "B" wants to load your game. Unity says "Hey, I've been requested by site B, but the game exists on site A... do I have permission to load it? Site A returns the clientpolicy.xml file which says "Yep, site B's URL is listed in the allows URLs so go ahead and play it".

This is to help prevent other sites from hotlinking your game and pretending to own it (or even charging uses to access it), because you can control who can serve the content. That's why using * isn't good outside of a dev / testing environment.

Also, if the game is on Site A, and the user is loading the game by visiting Site A directly, then you don't have to worry about it because it's the "origin", so it doesn't need to give itself permission.