Murtuza Topiwalla » crossdomain http://www.sowebme.com/murtaza Blog about flash, movies, travel and more! Email me at yankeedoodles[at]hotmail[dot]com for anything you want to add! Wed, 13 Oct 2010 02:32:33 +0000 en hourly 1 http://wordpress.org/?v=3.1.3 HTTPS with Flash http://www.sowebme.com/murtaza/2009/09/https-with-flash/ http://www.sowebme.com/murtaza/2009/09/https-with-flash/#comments Mon, 28 Sep 2009 00:17:43 +0000 Murtuza http://www.sowebme.com/murtaza/?p=124 Recently and a long time back, sometime in December 08 to be exact, I had the rare challenge of making HTTPS calls from a swf which did not sit on the same server. I faced quite a bunch of problems and I still do. But I do have some solutions which I have found on the internet from reliable sources, though not tried and tested, which may solve your issues should you come across this situation at any time.

The “allow-access-from” has an attribute called secure which very few people use.

Adobe says : 

secure
[HTTPS and Sockets only, optional] When false, allows an HTTPS policy file to grant access to a request coming from an HTTP source. The default for URL policy files is true, providing only HTTPS sources permission. Using false is not recommended. Socket policy files use a default of false.

So a sample would be

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
	<allow-access-from domain="*.somedomain.com" secure="false"/>
</cross-domain-policy>

The second option which I believe will never give you any problems is using a proxy. This works even when you cannot get a crossdomain file onto the server you are feeding from.

A sample PHP Proxy is as follows:

<?php
$dataURL = "http://www.sowebme.com/murtaza/feed/";
//note that this does not follow redirects.
readfile($dataURL);
?>

]]> http://www.sowebme.com/murtaza/2009/09/https-with-flash/feed/ 0