> My understanding is that the default behavior is the same for Flash 7 > and higher. It should deny access from your swf to content fetched > from another domain unless that domain has the appropriate cross > domain policy file allowing content to be fetched from the domain > containing your swf.
Yeah, that seems to align with what I've been finding. Thing is, that's not what's been happening. > So, I suspect that there's something else going on. Maybe some (most?) > requests are actually being served from servers within your CDN > initially, rather than from your original domain. For example, if I go > to www.microsoft.com, I'm actually going to > someserver.www.ms.akadns.net. Perhaps that's the default behavior for > many of your users? I'm kind of grasping at straws here. Straws appreciated and accepted. I don't think that's the case though. I opened MS Fiddler and hit on of our pages myself. (All of the streaming content on our site uses the same dynamic page and the same SWF player. The SWF player is not located on the CDN). This is what Fiddler showed me: Request for www.mysite.com/thePage.cfm Request for www.mysite.com/player.swf Request for www.mycdn.com/crossdomain.xml (Returned 404) Request for www.mycdn.com/theFile.mp3 It defies logic. By all rights flash should have shut down the SWF and never allowed it to access the last file. Hmm, a bit more Googling, and apparently that isn't always necessarily the case. According to this knowledge base article, Flash differentiates between simply playing an MP3 and extracting data from it. http://kb2.adobe.com/cps/963/50c96388.html This article appears to say that flash WILL allow an MP3 from another domain to be played, but will stop short of allowing you to extract data from it (like ID3 tags) without a crossdomain.xml file. Interesting... I'm not sure if that is affecting me or not. I'm using the JWPlayer and I'm pretty certain it doesn't do anything special to the MP3s. ~Brad ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
