Thanks ptw
still i am going to extend this discussion. By default in the
crossdomain.xml file the secure="false" is there. But i am not able to get
it solved. Is there any way to do that?
I gone through some information that
"Flash SWF files served over HTTP (or other insecure protocols) are no
longer allowed to access movies or data served over HTTPS. "
On Tue, May 18, 2010 at 6:05 PM, P T Withington <[email protected]> wrote:
> The adobe paper I referenced should explain all. I believe you have to
> specify secure='false':
>
> *1.5.5 HTTP-HTTPS communications*
> Example 1.6 demonstrates the most permissive use of allow-access-from granting
> any other domain access to the files on this target domain, even if an HTTP
> source is accessing data on this domain through HTTPS. It should be obvious
> that this practice is not recommended.
> *Example 1.6: allow-access-from: Most permissive access*
> <?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "
> http://www.adobe.com/xml/dtds/cross-domain-policy.dtd";>
> <cross-domain-policy> <allow-access-from domain="*" secure="false"/>
> </cross-domain-policy>
>
>
> On 2010-05-18, at 08:27, jvvn murty wrote:
>
> Thanks ptw,
>
> we are going to both in https. Presently its in dev phase. Once
> everything is fine then we will put in prod with https only.
> For now we have to test it in dev and local with app in http.
> Can u please tell me what changes we have to do in crossdomain.xml to
> comeout of this issue?
>
> On Tue, May 18, 2010 at 5:53 PM, P T Withington <[email protected]> wrote:
>
> Running the app in http and service in https is insecure. You can permit
>
> it with crossdomain.xml, but you will have no security, since http app can
>
> send https data to some other (unknown) server. This is why most browsers
>
> issue a warning if you try to do this in HTML and why Flash does not permit
>
> it by default. If you app is manipulating secure data, it is best if the
>
> app and the data are from the same https server.
>
>
> On 2010-05-18, at 08:10, jvvn murty wrote:
>
>
> Hi ptw,
>
>
> my application is running with http and the services api is running
>
> in
>
> https.
>
> Is it possible to work like this? or i have to change my application
>
> server to https?
>
>
> is there any solution for the application in http and services in
>
> https?
>
>
>
>
> On Tue, May 18, 2010 at 4:44 PM, P T Withington <[email protected]> wrote:
>
>
> Are you fetching the app from the https server? It is not recommended
>
> that
>
> you permit a http app to access https data, although it can be done. To
>
> do
>
> so makes the use of https pointless. More information here:
>
>
>
>
>
> http://learn.adobe.com/wiki/download/attachments/64389123/CrossDomain_PolicyFile_Specification.pdf?version=1
>
>
> On 2010-05-18, at 06:51, jvvn murty wrote:
>
>
> Hi,
>
>
> I tried to work with https service API's in dataset but iam not able to
>
> hit the dataset and its giving crossdomain.xml problem.
>
>
> Is there any way to call the services with https ?
>
>
> just this is my example:
>
>
> <canvas proxied="false">
>
> <script>
>
> var srcs="https:// test url";
>
> </script>
>
> <dataset name="myDs" type="http" request="true" src="${srcs}">
>
> <handler name="ondata">
>
> Debug.write("test"+this.serialize())
>
> </handler>
>
> </dataset>
>
> </canvas>
>
>
>
>
>
>
>
