So if the server needs to set the content-disposition to attachment to help the end-user from getting molested by malicious codes, then a few possible solutions at the moment should consider the old but fine double check handshake. So if all terms are met, then the server content-disposition will be set to a different property. Maybe this should be done by a Adobe maintained domain blacklist, or code blacklist. Then I would go to the settings of FFP10 and add my domain, which will be checked and then stored, so that everytime somebody visits my domain there will be a short double check and after the handshake the swf will load.
On 28 okt, 21:34, "Getify Solutions" <[EMAIL PROTECTED]> wrote: > FTA:http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_c... > > Thanks for letting us know, Solo. This is a very helpful gotcha to be aware > of. Me thinks me can expect lots of similar problems reported on this list > as we move forward and more and more people get FP10. The fix is relatively > easy to do, for at least some. > > But, the real problem here is that the most likely to hit up against this > gotcha are those who are in shared hosting environments, where this > "content-disposition:attachment" header is intentionally set by the server > admins to protect end-users from untrusted/user-uploaded content. > Unfortunately, those people are also least likely to have any control over > convincing their shared hosting provider to change it, since the change > affects potentially *lots* of people, not just one customer. > > Bummer, but an unfortunate necessary evil in today's security-paranoid world > (and rightly so, probably). > > I'm glad I run my own servers. :) > > --Kyle > > -------------------------------------------------- > From: "Solo" <[EMAIL PROTECTED]> > Sent: Tuesday, October 28, 2008 2:58 PM > To: "SWFObject" <[email protected]> > Subject: Re: SWFObject + Flash player 10 > > > > > Here is solution for Plone users > >http://dev.plone.org/plone/ticket/8624 > > > On Oct 17, 4:27 am, DavidL <[EMAIL PROTECTED]> wrote: > >> Hi, thanks so much everyone for all your help with this -- it's been > >> really helpful. Think I've learned loads about Flash (and SWFObject) > >> in the last 24 hours :) > > >> That content-disposition header is most probably where my problem lies > >> and seems to be coming from our application/CMS environment (Zope/ > >> Plone). Once the file's on the Apache filesystem we don't see the > >> problem. Hopefully this isolates the problem so I can sort it out. > > >> Sorry, getting a bit off-topic here, but thanks again all! > > >> Cheers, > >> David > > >> On Oct 16, 8:05 pm, "Getify Solutions" <[EMAIL PROTECTED]> wrote: > > >> > I get prompted to open/save as well... from my work LAN (which doesn't > >> > otherwise have problems with SWF's!) on IE7 winXPSP3. Could be a server > >> > problem. > > >> > --Kyle > > >> > -------------------------------------------------- > >> > From: "Geoff Stearns" <[EMAIL PROTECTED]> > >> > Sent: Thursday, October 16, 2008 1:12 PM > >> > To: "SWFObject" <[email protected]> > >> > Subject: Re: SWFObject + Flash player 10 > > >> > > argh, I replied to this, but I guess the groups thing swallowed my > >> > > reply :) > > >> > > Here's what I posted: > > >> > > I see the missing swf as well - it says "Movie not loaded..." which > >> > > usually means the path is wrong in the embed code... > > >> > > I looked and the swf is there, but i was prompted to download it when > >> > > I loaded the url, which shouldn't happen. So I dug a little more and > >> > > looked at the headers returned by the swf, and saw this: > > >> > > content-disposition attachment; filename="pgopeneve.swf" > > >> > > Now it could be because i'm on hotel wifi, but if everyone else sees > >> > > that too, that could be your problem. > > >> > > Here's more info on the issue: > >> > >http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_c... > > >> > > On Oct 16, 7:10 am, DavidL <[EMAIL PROTECTED]> wrote: > >> > >> Hi, > > >> > >> I installed Flash Player 10 today (ver 10.0.12.36 to be precise) and > >> > >> my sites which use SWFObject (v.2, dynamic publishing) don't display > >> > >> the Flash file. This is a problem across all but one of the browsers > >> > >> I > >> > >> tested on: FF 2 and 3 (no adBlock installed), IE 6 & 7, Chrome and > >> > >> Safari 3. Bizarrely it works with Opera 9.10. These are all on PC > >> > >> btw. > > >> > >> It looks like the Flash file is being initialised but then nothing > >> > >> displays. If you right-click on the movie you get the usual Flash > >> > >> menu. > > >> > >> Here's an example site where we're using it:http://www.bbk.ac.uk. > > >> > >> We're also using sIFR on this page which only works with Flash 10 on > >> > >> sIFR version 3 (I've got that working on a dev site). Both the > >> > >> SWFObejct and sIFR code worked fine with FP 9. > > >> > >> The code I'm using isn't too complex. This is the code which is > >> > >> replaced using SWFObject: > > >> > >> <div id="home-page-image"> > >> > >> <a href="http://www.bbk.ac.uk/openeve";><span id="home-page- > >> > >> flash"><img src="http://www.bbk.ac.uk/images/home-page-images/ > >> > >> PGhomepageNovNab.jpg" width="435" height="290" alt="Click here for > >> > >> more information about our Postgraduate Open Evening" /></span></a> > >> > >> </div> > > >> > >> and this is the Javascript which is just below the closing </body> > >> > >> tag: > > >> > >> <script type="text/javascript" > >> > >> src="http://www.bbk.ac.uk/swfobject.js";></script> > >> > >> <script type="text/javascript">if > >> > >> (document.getElementById('home-page- > >> > >> flash')) { > >> > >> swfobject.embedSWF("http://www.bbk.ac.uk/flash/homepage.swf";, "home- > >> > >> page-flash", "435", "290", "9.0.115.0");} > > >> > >> </script> > > >> > >> I've tried with SWFObject 2.1 and I get the same result. > > >> > >> I'd be grateful for any advice. If this is a problem local to my PC > >> > >> then that's ok but I'm worried it's more widespread than that. > > >> > >> Thanks, > >> > >> David --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "SWFObject" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/swfobject?hl=en -~----------~----~----~----~------~----~------~--~---
