HTTPS Insecure Resource Warning Fix (crossdomain.xml)

[wesley66101]

Hello Ragezone!
I'm going to post a fix for the SSL problem with crossdomain.xml!
First, a screen of the problem:


If you want to fix this, follow these steps:
1. Download RABCDAsm (RABCDAsm for RageZone)
2. UnZip it and open the folder you will see this:

3. Replace your habbo.swf in that foder
4. Click on DECOMPILER.bat
5. When it's done, press a key to exit
6. Then open Notepad++
7. The notepad++ that i use is in dutch, but do ctrl + f and click on Search in files
8. Search for: "/crossdomain.xml" in your RABCDAsm folder

9. After a few minutes, this is the result:

10.You must go to the AdManager.class.asasm file
11.Then you see this:

12. Change "http://" to https://

13. Save it and go back to the folder
14. Open RECOMPILER.bat
15. Test your new habbo.swf!

Do you have questions?? Ask it!
Does RABCDAsm not work? Place the problem in the help section.


Greetz: Wesley




Sorry for my bad english!

[MentaL]

[Brought]

Great tutorial. Thank you very much.

[Ben Crivelli]

I knew it had something to do with the swfs.

THANKS FOR THIS!!

EDIT: Tried it, still doesn't work. Strange.... :l

[wesley66101]

I knew it had something to do with the swfs.

THANKS FOR THIS!!

EDIT: Tried it, still doesn't work. Strange.... :l

Do you have it recompiled correct?? The second is, what i forgot to say in the tutorial... In external variables : ads.domain must be your main hotel domain name. For example: myhotelname.com

If it don't works, please make a screen of the error in the console

[Ben Crivelli]

Do you have it recompiled correct?? The second is, what i forgot to say in the tutorial... In external variables : ads.domain must be your main hotel domain name. For example: myhotelname.com

If it don't works, please make a screen of the error in the console

I cleared cached, and compiled it correctly.
I don't see what the problem is. Strange...

[scottstamp851]

Nice tutorial, Wesley. It should be noted though for clarification, this "error" is actually a warning. It won't prevent the crossdomain file from being loaded, Chrome just doesn't like it. It's considered a potential security issue. That being said, it's not really a big deal if someone sends a modified crossdomain.xml file using a proxy to your client. They're the only ones that get that content, and they can't really do anything with it.

Useful explanation of editing the code, but not really something people need to do for their hotels unless they're particularly picky.

[wesley66101]

Nice tutorial, Wesley. It should be noted though for clarification, this "error" is actually a warning. It won't prevent the crossdomain file from being loaded, Chrome just doesn't like it. It's considered a potential security issue. That being said, it's not really a big deal if someone sends a modified crossdomain.xml file using a proxy to your client. They're the only ones that get that content, and they can't really do anything with it.

Useful explanation of editing the code, but not really something people need to do for their hotels unless they're particularly picky.

Hello,
TNX! The main reason why i want to share it is because you will get a SSL warning in the URL bar.

[scottstamp851]

Really? That shouldn't occur, since the assets are loaded after the page. I haven't noticed the behavior but I'm fairly sure it shouldn't happen. Sounds like it's more likely another asset, one related to the page itself (JavaScript, CSS, images, etc) which is loading over HTTP.

Do you have any examples of this happening? I'll happily take a look.

[wesley66101]

Really? That shouldn't occur, since the assets are loaded after the page. I haven't noticed the behavior but I'm fairly sure it shouldn't happen. Sounds like it's more likely another asset, one related to the page itself (JavaScript, CSS, images, etc) which is loading over HTTP.

Do you have any examples of this happening? I'll happily take a look.

First, the SSL icon is fully green, then everythings loads in the client... And when the crossdomain loads the icon change to a warning icon
I'm 100% sure its due to crossdomain but i can reproduce it if you want!

Do you have Skype? Thats a way more easier to show!

Greetz: Wesley

[Sledmore]

I just very simply added "ads.domain=" to my override_variables file.

And it did the trick (overrides as I just use .com's variables when I update), its much simpler than modifying the SWF.

[scottstamp851]

First, the SSL icon is fully green, then everythings loads in the client... And when the crossdomain loads the icon change to a warning icon
I'm 100% sure its due to crossdomain but i can reproduce it if you want!

Do you have Skype? Thats a way more easier to show!

Greetz: Wesley

Ah, I get you now. Didn't realize Chrome inspected that data for Flash but it makes sense. The same thing happens if JavaScript loads in an asset over http after the page load. Sledmore's suggestion sounds like an easier workaround, I'm surprised it works though, Flash is usually forced to obey crossdomain over anything else, it's a security thing.

Thanks for the explanation.

[Sledmore]

Ah, I get you now. Didn't realize Chrome inspected that data for Flash but it makes sense. The same thing happens if JavaScript loads in an asset over http after the page load. Sledmore's suggestion sounds like an easier workaround, I'm surprised it works though, Flash is usually forced to obey crossdomain over anything else, it's a security thing.

Thanks for the explanation.

Yeah, it's not really been explained properly in this thread - but the whole thing is just related to Habbos in-game adverts (I think, which if so they're long, long, long gone, and not the ones called via their habblet widgets), the code in the SWF just checks if the property ads.domain isn't null, if it isn't null it'll call the crossdomain file so it's just easier to give it a null value.

I'm going to guess that this system isn't even in use as Habbo have 'interstitial.enabled' set to false in their variables.

Screenshot on 10.8.2015 at 4.51.15 PM.png • Droplr

[scottstamp851]

Yeah, it's not really been explained properly in this thread - but the whole thing is just related to Habbos in-game adverts (I think, which if so they're long, long, long gone, and not the ones called via their habblet widgets), the code in the SWF just checks if the property ads.domain isn't null, if it isn't null it'll call the crossdomain file so it's just easier to give it a null value.

I'm going to guess that this system isn't even in use as Habbo have 'interstitial.enabled' set to false in their variables.

Screenshot on 10.8.2015 at 4.51.15 PM.png • Droplr

They're using the crossdomain now because they load some image assets in from a separate domain, like photos or public room backgrounds. ;)

[Jacob Lucado]

Much easier to use JPEX to do this.

[DinamicUser]

Work.
Thank you! :)

Spoiler: