Jive feature request #2


I am hoping that this feature request will be adopted and implemented with the next

major update to jive. The issue is with sandboxing by flash and flex and the usage of

the crossdomain.xml file which must be on the server root domain and with Jive I don’'t

think it has a root domain. Peter over at Jabber.org had some fast moving foot work too get it to resolve correctly and he got it to work. I am sure you can ask him how he did it. I think root domains are for web servers and not for socket servers. This also assumes non local use. I would like to show people coming from google my

jabber jive examples like I was doing with jabber.org

Thanks Dan

Message was edited by:



I’‘m not sure exactly what you’'re asking for. Are you asking that Jive Messenger be able to serve a crossdomain.xml file? Would this actually ever make sense? Or, does the server listening at port 80 need to serve up a crossdomain.xml file?



I don’'t really know how jabber.org did it, but when I connect to jabber.org the first thing

I see on the status window is “reading crossdomain.xml” then the warning window “allow from this domain yes or no” . At http://www.jabber.org/crossdomain.xml you can review the domain policy file. I think they used a method which was not normal, but it worked. Peter or the tech guys at jabber.org can help you with the details. Thanks for the fast response.


P.S I can provide you with an live example if it will help you understand.


This isn’'t a Jive Messenger issue. You need to install a crossdomain.xml file onto the webserver of your server. See:

http://livedocs.macromedia.com/flash/mx2004/main_7_2/wwhelp/wwhimpl/common/html/ wwhelp.htm?context=Flash_MX_2004&file=00001097.html


"Policy files must be named crossdomain.xml, and can reside either at the root directory or in another directory on the server that is serving the data with some additional ActionScript (see About custom policy file locations). Policy files function only on servers that communicate over HTTP, HTTPS, or FTP. The policy file is specific to the port and protocol of the server where it resides.

For example, a policy file located at https://www.macromedia.com:8080/crossdomain.xml will apply only to data loading calls made to www.macromedia.com over HTTPS at port 8080.

An exception to this rule is the use of an XMLSocket object to connect to a socket server in another domain. In that case, an HTTP server running on port 80 in the same domain as the socket server must provide the policy file for the method call."

I would suggest a crossdomain.xml file of:

<?xml version="1.0"?>
  <allow-access-from domain="*" />




It would interesting to find a way to include the crossdomain xml packet from Jive which would look like a socket port 80 response from a web server. I was thinking in terms of a hack or spoof a crossdomain xml packet which would satisfy the sandbox. I am sure one of my users hinted of this very solution not too long ago.


Message was edited by: