Hi,
It's an AS2 Flash application running standalone on Linux requesting
stuff from the localhost on various ports - the irritating thing is I
still have to implement x-domain files / responses on every port I
connect to, I tried setting a policy server up on the default port as
per the instructions on the devnet site, but this did not work..
My point is that the standalone Flash application is an exe, like
Air, so implies that a higher level of trust is required to run it,
therefore it should be allowed more "liberty" than a browser based Flash
app. This is one of the most irritating things about doing standalone
stuff - I can't load files from the file system because I am requesting
over the network. I am doing standalone because this is legacy stuff
for a kiosk...
Glen
Paul Andrews wrote:
Is this a projector or an AIR application?
Seems to me that if you say "network only" to an executable, it's like
running it in a browser with no "default" domain, whereas an AIR
application isn't restricted.
Paul
----- Original Message ----- From: "Glen Pike"
<g...@engineeredarts.co.uk>
To: "Flash Coders List" <flashcoders@chattyfig.figleaf.com>
Sent: Thursday, April 02, 2009 10:26 AM
Subject: Re: [Flashcoders] Proof of Concept - HTTPService
objectdoesn't require crossdomain-policy file
If that is the case then why is my standalone Flash exe restricted
when I set it to allow network access only?
Paul Andrews wrote:
Isn't the context for an AIR application different to a flash
application loaded from a browser?
In the browser the flash swf is loaded from a particular domain and
access outside that domain requires the crossdomain policy.
In an Air application there is no concept of the domain that the swf
is loaded from - it's essentially a desktop application.
Flash in Air and Flash in the browser have different security models.
Paul
----- Original Message ----- From: "Johan Nyberg"
<johan.nyb...@webguidepartner.com>
To: <flashcoders@chattyfig.figleaf.com>
Sent: Thursday, April 02, 2009 9:29 AM
Subject: [Flashcoders] Proof of Concept - HTTPService object doesn't
require crossdomain-policy file
Hi, thanks for all the response to my question about the
crossdomain.xml. But... I didn't get a lot of response to the fact
that HTTPService can access public feeds/content on other sites
without the need of a crossdomain.xml
Please check out the code included at the end of this post. I've
created a small AIR application (with a certificate) and it works
without a problem.
Am I missing something?
But again.. if my Flash app isn't allowed to access content on
another site, I can always throw together a simple php-script that
extracts the content for me that my Flash then can read...
And then I can go ahead and create my evil banner ad. ;-)
I understand that crossdomain policy files are here to stay. I just
don't understand why they don't allow me to access content on other
domains that I can access in other ways and then pass on to Flash.
--
Johan Nyberg
Web Guide Partner
Engelbrektsplan 1
114 34 Stockholm
08 - 50 00 24 30
070 - 407 83 00
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
_______________________________________________
Flashcoders mailing list
Flashcoders@chattyfig.figleaf.com
http://chattyfig.figleaf.com/mailman/listinfo/flashcoders
