RE: SOT: Default Flash behavior when crossdomain.xml is absent
> But can't you just go ahead and create a crossdomain file and avoid > this problem altogether? Of course, and I already have. My personality is such that I like to find out exactly why things were broke-- not just wiggle wires until it turns on, shrug, and continue. :) ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331663 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Default Flash behavior when crossdomain.xml is absent
> Straws appreciated and accepted. I don't think that's the case though. I > opened MS Fiddler and hit on of our pages myself. (All of the streaming > content on our site uses the same dynamic page and the same SWF player. The > SWF player is not located on the CDN). This is what Fiddler showed me: > > Request for www.mysite.com/thePage.cfm > Request for www.mysite.com/player.swf > Request for www.mycdn.com/crossdomain.xml (Returned 404) > Request for www.mycdn.com/theFile.mp3 > > It defies logic. By all rights flash should have shut down the SWF and > never allowed it to access the last file. > > Hmm, a bit more Googling, and apparently that isn't always necessarily the > case. According to this knowledge base article, Flash differentiates > between simply playing an MP3 and extracting data from it. > http://kb2.adobe.com/cps/963/50c96388.html > > This article appears to say that flash WILL allow an MP3 from another domain > to be played, but will stop short of allowing you to extract data from it > (like ID3 tags) without a crossdomain.xml file. Interesting... I'm not sure > if that is affecting me or not. I'm using the JWPlayer and I'm pretty > certain it doesn't do anything special to the MP3s. Well there you go, I've never tried loading MP3s specifically and didn't know there was a policy exception for them. And I have no idea what's in an MP3 that JWPlayer would read sometimes and not read other times. But can't you just go ahead and create a crossdomain file and avoid this problem altogether? Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, o ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331655 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Default Flash behavior when crossdomain.xml is absent
> My understanding is that the default behavior is the same for Flash 7 > and higher. It should deny access from your swf to content fetched > from another domain unless that domain has the appropriate cross > domain policy file allowing content to be fetched from the domain > containing your swf. Yeah, that seems to align with what I've been finding. Thing is, that's not what's been happening. > So, I suspect that there's something else going on. Maybe some (most?) > requests are actually being served from servers within your CDN > initially, rather than from your original domain. For example, if I go > to www.microsoft.com, I'm actually going to > someserver.www.ms.akadns.net. Perhaps that's the default behavior for > many of your users? I'm kind of grasping at straws here. Straws appreciated and accepted. I don't think that's the case though. I opened MS Fiddler and hit on of our pages myself. (All of the streaming content on our site uses the same dynamic page and the same SWF player. The SWF player is not located on the CDN). This is what Fiddler showed me: Request for www.mysite.com/thePage.cfm Request for www.mysite.com/player.swf Request for www.mycdn.com/crossdomain.xml (Returned 404) Request for www.mycdn.com/theFile.mp3 It defies logic. By all rights flash should have shut down the SWF and never allowed it to access the last file. Hmm, a bit more Googling, and apparently that isn't always necessarily the case. According to this knowledge base article, Flash differentiates between simply playing an MP3 and extracting data from it. http://kb2.adobe.com/cps/963/50c96388.html This article appears to say that flash WILL allow an MP3 from another domain to be played, but will stop short of allowing you to extract data from it (like ID3 tags) without a crossdomain.xml file. Interesting... I'm not sure if that is affecting me or not. I'm using the JWPlayer and I'm pretty certain it doesn't do anything special to the MP3s. ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331633 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
Re: SOT: Default Flash behavior when crossdomain.xml is absent
> Quick question-- I swear I've Googled the crap out of this and for the > life of me I can't get a definitive answer. > > We have two domains. > www.oursite.com > www.ourcdn.com > > We have a SWF player hosted at www.oursite.com which loads mp3s (among > other things) from www.ourcdn.com. > www.ourcdn.com does NOT have a crossdomain.xml policy file. > > Most of our users have no issues with the flash player loading the > "off-site" content. Several people however report an error that I > assume is Flash refusing to load the off-site content due to the lack of > a cross domain policy. > > The obvious answer here is I need to create a crossdomain.xml file on > www.ourcdn.com that specifies www.oursite.com as a valid location that > can load its content via flash. > > However, in the name of curiosity, I would like to figure out which of > my users are affected and why. > > Can anyone tell me what the default behavior of flash 7, 8, 9, 10, etc > is if there is no cross domain policy _on_ the server hosting the > content? Does it deny by default or allow? Based on what I am seeing, > I assume some versions allow by default, while others deny but for the > life of me I can't find conclusive documentation for all versions of > Flash that compares their behavior. All I can find of the Internet is > eleventy-billion how-to's on creating a policy new. (thanks but I > already know how) My understanding is that the default behavior is the same for Flash 7 and higher. It should deny access from your swf to content fetched from another domain unless that domain has the appropriate cross domain policy file allowing content to be fetched from the domain containing your swf. So, I suspect that there's something else going on. Maybe some (most?) requests are actually being served from servers within your CDN initially, rather than from your original domain. For example, if I go to www.microsoft.com, I'm actually going to someserver.www.ms.akadns.net. Perhaps that's the default behavior for many of your users? I'm kind of grasping at straws here. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or on ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
SOT: Default Flash behavior when crossdomain.xml is absent
Quick question-- I swear I've Googled the crap out of this and for the life of me I can't get a definitive answer. We have two domains. www.oursite.com www.ourcdn.com We have a SWF player hosted at www.oursite.com which loads mp3s (among other things) from www.ourcdn.com. www.ourcdn.com does NOT have a crossdomain.xml policy file. Most of our users have no issues with the flash player loading the "off-site" content. Several people however report an error that I assume is Flash refusing to load the off-site content due to the lack of a cross domain policy. The obvious answer here is I need to create a crossdomain.xml file on www.ourcdn.com that specifies www.oursite.com as a valid location that can load its content via flash. However, in the name of curiosity, I would like to figure out which of my users are affected and why. Can anyone tell me what the default behavior of flash 7, 8, 9, 10, etc is if there is no cross domain policy _on_ the server hosting the content? Does it deny by default or allow? Based on what I am seeing, I assume some versions allow by default, while others deny but for the life of me I can't find conclusive documentation for all versions of Flash that compares their behavior. All I can find of the Internet is eleventy-billion how-to's on creating a policy new. (thanks but I already know how) Thanks. ~Brad ~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331621 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm
