Re: [Flashcoders] Proof of Concept - HTTPService object doesn't require crossdomain-policy file

2009-04-02 Thread Muzak
I haven't really looked into the differences between standalone and AIR - haven't created a projector in years - but my guess is 
that because you have to install an AIR application (and are therefore informed/warned about the risks that entails) it is allowed to 
do more than a standalone executable (projector).


So basically there are 3 different player security models:
- Standalone
- AIR
- Browser plugin

Here's an article explaining the AIR security model:
http://www.adobe.com/devnet/air/articles/introduction_to_air_security.html

@Johan:

Please check out the code included at the end of this post. I've created a small AIR application (with a certificate) and it works 
without a problem.



Am I missing something?


Yes, as I explained earlier, this has nothing to do with HTTPService.
This is about different sandboxes: standalone, AIR and the browser.

regards,
Muzak

- Original Message - 
From: "Glen Pike" 

To: "Flash Coders List" 
Sent: Thursday, April 02, 2009 11:54 AM
Subject: Re: [Flashcoders] Proof of Concept - HTTPService object doesn't require crossdomain-policy file



Hi,

   It's an AS2 Flash application running standalone on Linux requesting stuff from the localhost on various ports - the irritating 
thing is I still have to implement x-domain files / responses on every port I connect to, I tried setting a policy server up on 
the default port as per the instructions on the devnet site, but this did not work..


   My point is that the standalone Flash application is an exe, like Air, so implies that a higher level of trust is required to 
run it, therefore it should be allowed more "liberty" than a browser based Flash app.  This is one of the most irritating things 
about doing standalone stuff - I can't load files from the file system because I am requesting over the network.  I am doing 
standalone because this is legacy stuff for a kiosk...


   Glen



___
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders


Re: [Flashcoders] Proof of Concept - HTTPService object doesn't require crossdomain-policy file

2009-04-02 Thread Paul Andrews

Yes, that sounds tedious and frustrating.

Paul
- Original Message - 
From: "Glen Pike" 

To: "Flash Coders List" 
Sent: Thursday, April 02, 2009 10:54 AM
Subject: Re: [Flashcoders] Proof of Concept - HTTPService object doesn't require crossdomain-policy file




Hi,

   It's an AS2 Flash application running standalone on Linux requesting 
stuff from the localhost on various ports - the irritating thing is I 
still have to implement x-domain files / responses on every port I connect 
to, I tried setting a policy server up on the default port as per the 
instructions on the devnet site, but this did not work..


   My point is that the standalone Flash application is an exe, like Air, 
so implies that a higher level of trust is required to run it, therefore 
it should be allowed more "liberty" than a browser based Flash app.  This 
is one of the most irritating things about doing standalone stuff - I 
can't load files from the file system because I am requesting over the 
network.  I am doing standalone because this is legacy stuff for a 
kiosk...


   Glen

Paul Andrews wrote:

Is this a projector or an AIR application?

Seems to me that if you say "network only" to an executable, it's like 
running it in a browser with no "default" domain, whereas an AIR 
application isn't restricted.


Paul
- Original Message - From: "Glen Pike" 


To: "Flash Coders List" 
Sent: Thursday, April 02, 2009 10:26 AM
Subject: Re: [Flashcoders] Proof of Concept - HTTPService object doesn't require crossdomain-policy file



If that is the case then why is my standalone Flash exe restricted when 
I set it to allow network access only?


Paul Andrews wrote:
Isn't the context for an AIR application different to a flash 
application loaded from a browser?


In the browser the flash swf is loaded from a particular domain and 
access outside that domain requires the crossdomain policy.


In an Air application there is no concept of the domain that the swf is 
loaded from - it's essentially a desktop application.


Flash in Air and Flash in the browser have different security models.

Paul
- Original Message - From: "Johan Nyberg" 


To: 
Sent: Thursday, April 02, 2009 9:29 AM
Subject: [Flashcoders] Proof of Concept - HTTPService object doesn't 
require crossdomain-policy file



Hi, thanks for all the response to my question about the 
crossdomain.xml. But... I didn't get a lot of response to the fact 
that HTTPService can access public feeds/content on other sites 
without the need of a crossdomain.xml


Please check out the code included at the end of this post. I've 
created a small AIR application (with a certificate) and it works 
without a problem.


Am I missing something?

But again.. if my Flash app isn't allowed to access content on another 
site, I can always throw together a simple php-script that extracts 
the content for me that my Flash then can read...


And then I can go ahead and create my evil banner ad. ;-)

I understand that crossdomain policy files are here to stay. I just 
don't understand why they don't allow me to access content on other 
domains that I can access in other ways and then pass on to Flash.


--
Johan Nyberg

Web Guide Partner
Engelbrektsplan 1
114 34 Stockholm
08 - 50 00 24 30
070 - 407 83 00