We have seen an issue that if you load an app over regular
(non-secure) HTTP, and then
try to make a secure data request over HTTPS, that the newer Flash
players will refuse to fetch the data. I think this is a new security
policy from Macromedia. If you read their documentation, they refer to
some workarounds for this, but always as "legacy" or "Flash 6
compatibility", so I think they have phased out this behavior, as it
is a potential security hole.
On 8/22/07, Magyar Tibor <[EMAIL PROTECTED]> wrote:
>
> Hi all!
>
> I have a simple app ( below ), I call a php file to write a log file on the
> server. It works fine, when I use http. But when I try to use https, nothing
> happens.
> I put a crossdomain.xml to the root of the server but it didn't work.
> System.security.loadPolicyFile script also placed in the code.
> Can anyone help let me know what's the problem?
>
> Thanks a lot!
>
> My app:
>
> <canvas>
> <script>
>
> System.security.loadPolicyFile("https://mydomain/crossdomain.xml";);
> </script>
> <dataset name="dsTestHttps" secure="true"/>
> <view id="win" layout="axis:y;spacing:2">
> <method name="testcall">
> // set URL for testing
> var testURL = 'https://mydomain/sm/logger.php'
> // do request
> dsTestHttps.setAttribute( 'src', testURL );
> dsTestHttps.doRequest();
> </method>
> <button onclick="parent.testcall()">call logger</button>
> </view>
> </canvas>
>
>
>
>
> ______________________________________________________________________________________
> Belevaló ajánlatok iskolakezdéshez! Vásároljon tankönyvet, számológépet,
> írószert sorban állás nélkül! [origo] vásárlás
--
Henry Minsky
Software Architect
[EMAIL PROTECTED]
