You are not logged in. Please login or register.
chumbysphere forum → Flash/Widget → crossdomain.xml
Does the crossdomain.xml limitation mean that the only time a chumby Flash widget can fetch an HTTP request is if the file name is crossdomain.xml? If so, does Flash allow GET or POST requests to crossdomain.xml? If it does, it seems that it would be simple enough to make a basic proxy to allow other files to be accessed through chumby widgets.
"crossdmain.xml" is Macromedia's version of robots.txt.
It basically allows a site to control access by Flash movies to content of their site. Unlike robots.txt, the assumption is that access is *not* granted if the file is not present.
It's a little XML file that inidicates permissions - the site administrator can control which domains can access the content. It *must* exist at the top level of the site.
When a Flash movie wants to access content, it compares the domain of the current movie (which is "chumby.com" for the chumby widgets) to the site from which content is being fetched. If the domains don't match, then the player fetches "crossdomain.xml" to get permission. If permission is granted, then the player fetches the content.
You can read more about this on Adobe/Macromedia's site at: http://www.adobe.com/cfusion/knowledgeb … d=tn_14213
While it is possible to use a proxy, that proxy must have a crossdomain.xml file.
Thanks a lot for the explanation.
Since cross-domain HTTP requests make some of the cooler widgets possible, a work-around to this would be important. A public proxy like this would be very easy to create, so if any flash developers are lucky enough to have a chumby before I do, feel free to send me a message to discuss solutions with a proxy.
Thanks a lot for the explanation.
Since cross-domain HTTP requests make some of the cooler widgets possible, a work-around to this would be important. A public proxy like this would be very easy to create, so if any flash developers are lucky enough to have a chumby before I do, feel free to send me a message to discuss solutions with a proxy.
I'd be interested in helping develop a standardized XML-Request format for the Chumby - something that Chumby developers can use to retrieve information from sites without the crossdomain.xml file. This would also enable easy aggregation of data to the device (for example, you could develop an application that shows latest blog posts from LiveJournal and MySpace, even though these sites do not share a common user list).
This would make information retrieval from the Chumby a LOT easier.
paulgb wrote:Thanks a lot for the explanation.
Since cross-domain HTTP requests make some of the cooler widgets possible, a work-around to this would be important. A public proxy like this would be very easy to create, so if any flash developers are lucky enough to have a chumby before I do, feel free to send me a message to discuss solutions with a proxy.
I'd be interested in helping develop a standardized XML-Request format for the Chumby - something that Chumby developers can use to retrieve information from sites without the crossdomain.xml file. This would also enable easy aggregation of data to the device (for example, you could develop an application that shows latest blog posts from LiveJournal and MySpace, even though these sites do not share a common user list).
This would make information retrieval from the Chumby a LOT easier.
Given the crossdomain.xml limitiation, it sounds like something like this would have to either be built into the Flash player source (which is not a likely solution), or use a proxy. The other possibility would be to have a localhost proxy that runs in the background, and cross domain requests could go through it.
like a modified linksys router running your favorite version of the firmware and a script that returns an "open for chumby" for every request for crossdomain.xml ? 
Actually, I was thinking of a server that ran from the chumby - perhaps taking advantage of the server that is already built into the chumby. I wonder if basic CGI support is still built in to the server?.
I think that server's very primitive - it's the one built into BusyBox. I don't know if it's configured for any type of CGI.
silent_guardian wrote:paulgb wrote:Thanks a lot for the explanation.
Since cross-domain HTTP requests make some of the cooler widgets possible, a work-around to this would be important. A public proxy like this would be very easy to create, so if any flash developers are lucky enough to have a chumby before I do, feel free to send me a message to discuss solutions with a proxy.
I'd be interested in helping develop a standardized XML-Request format for the Chumby - something that Chumby developers can use to retrieve information from sites without the crossdomain.xml file. This would also enable easy aggregation of data to the device (for example, you could develop an application that shows latest blog posts from LiveJournal and MySpace, even though these sites do not share a common user list).
This would make information retrieval from the Chumby a LOT easier.
Given the crossdomain.xml limitiation, it sounds like something like this would have to either be built into the Flash player source (which is not a likely solution), or use a proxy. The other possibility would be to have a localhost proxy that runs in the background, and cross domain requests could go through it.
I'm sorry, I didn't really articulate what I meant.
I meant developing a standard XML-Request format that can be used on a proxy for aggregating data from multiple sources. This would bypass the crossdomain.xml limitation.
Running a CGI on the local machine is a cool idea as well, and that's something that should be investigated.
Oh, I misread your other post the first time thinking you wanted to develop a flash library. I'm thinking an open-source server-side proxy might be a good idea, it seems very simple.
I don't know much about the internals of this thing because I haven't had the chace to actually see one yet. But if there was a way to port CURL over to it, you would be able do all sorts of neat things like pulling data from web services or scaping content from websites.
I don't know much about the internals of this thing because I haven't had the chace to actually see one yet. But if there was a way to port CURL over to it, you would be able do all sorts of neat things like pulling data from web services or scaping content from websites.
We actually use our own HTTP library, but we also have a version that uses CURL in order to provide FTP, HTTPS, etc.
However, this security layer we're talking about has nothing to do with the protocol handlers themselves - they happen at a lower level.
I've had my Chumby for a month now, and my workload is starting to die down and I'm excited to jump in. I agree that a proxy should be made available. If the swfs are serving from chumby.com, then they could host a server side file that acts as a proxy. I've done this several times to get around the crossdomain restriction, and since crossdomain security is becoming more of a hot topic, I bet we'll see restrictions tighten even more.
In flash, when loading the XML, I just call my server side script and append the URL of the content I want from a different domain:
xmlFeed.load("get_xml_01.php?url=" + url); //url is escaped
And then in a PHP file on the same server as my swf, I only need one line:
if($_GET['url']) readfile(urldecode($_GET['url']));
That's it. PHP returns the XML to the my swf file and the security restriction is effectively dodged. You can test locally without having to worry about the cross domain issues, but when it's live, and you don't have cross domain access, a proxy script like this works like a charm.
I'd like to offer the idea of adding this to the chumby servers, but obviously there could be a performance issue since the chumby servers would be effectively handling all of the XML requests. It would definitely help to create widgets using other web services.
Yes, we *could* do that, but as you point out, that means that we'd be processing all of the third-party content for all of the chumbys out there. That's not really practical - we can't proxy the entire Internet.
There are other issues, of course - if what we're doing is pulling in Flash movies across the proxy, then relative URLs won't work properly - for instance, a Flash movie pulling in other associated movies or content that is expected to be at the same location.
And the biggest issue - you're effectively getting rid of the whole *point* of the crossdomain system, which is to provide security to the user.
Yes, we *could* do that, but as you point out, that means that we'd be processing all of the third-party content for all of the chumbys out there. That's not really practical - we can't proxy the entire Internet.
There are other issues, of course - if what we're doing is pulling in Flash movies across the proxy, then relative URLs won't work properly - for instance, a Flash movie pulling in other associated movies or content that is expected to be at the same location.
And the biggest issue - you're effectively getting rid of the whole *point* of the crossdomain system, which is to provide security to the user.
Yeah... obviously there are security issues, but I wasn't even thinking of loading external swfs. I was more or less referring to getting XML feeds, which is just text. Still, it could potentially grow to be a lot of processing on the server side, but it's a helpful workaround when you can't get a service like Yahoo to add you to their policy file.
Yeah... obviously there are security issues, but I wasn't even thinking of loading external swfs. I was more or less referring to getting XML feeds, which is just text.
Unfortunately, it's not obvious how the proxy could reliably make that distinction.
I'm having an issue creating a configurable webcam app, I'm wondering if anyone can tell me if its the crossdomain limtation???
I'm reusing both the simplebanner & webcam code to create an applet that will point at a server on the local network. When I reuse the webcam code straight up everything works. E.g.
http://www.flickr.com/photos/pauric/457 … 064752283/
When I setup the configurable applet to define a variable from chumby.com it will not view the server images. I'm using the Flash dev environment, I noticed there's a setting for local playback security [local/network], is this relevent?
Does anyone know if the crossdomain limitation includes variables set outside the domain?
This is a real piss on my parade if it does. I'm not an actionscript guru, the fla's are avilable here if anyone wants to check - thanks all
http://web.mac.com/pauric_ocallaghan/webcam_config.fla
http://web.mac.com/pauric_ocallaghan/webcam_player.fla
A couple of things -
1) You should publish the movie as Flash 6, not FlashLite 1.1 - FlashLite 1.1 is roughly equivalent to Flash 4, so much of the Actionscript simply won't work with that version of Flash selected.
2) Your cam code is referencing the variable "banner", which is apparently the url you want to hit. However, this variable is defined on the main timeline of the widget, not the cam submovie. You should probably do:
url = _parent.banner;...to retrieve the value.
3) For the code to work, the server that the URL points to has to have the crossdomain.xml file, and the cam must supply images in non-progressive JPEG files.
4) Since configuring a widget is optional, it should use some default URL if the user doesn't configure it, so you code probably ought to be more like:
url = _parent.banner;
if (url==undefined) {
url = "http://www.example.com/some/web/camera/";
}Right on!!!
fyi I'm not using the crossdomain.xml on my local-network server. ITs on another subnet but within my domain.
I didnt use the '_parent.' of url = _parent.banner; from the simple banner code.. as its not there, so whats the fundamental difference here.. if you wouldnt mind explaining.
I wasnt compliing to flash 6, that may have been an issue too,
Thanks so much Duane, you help is appreciated
here she is!! http://www.flickr.com/photos/pauric/464252669/
Will do an instructable writeup on putting together a webcam on your local network soon. Sort of a 'security' camera setup
I had an epiphany the other night, and I have no idea why I didn't think of this originally. If I add chumby.com to my personal sever's cross domain file, and then have that server side script I was talking about hosted on that same personal server, my flash movie should be able to connect and get any XML that I request that way, right? It sounds too good to be true, but this would take the load off of your servers, only put load on my server for widgets that I create, and I can still get any XML feed that I want.
Feel free to squash my dreams, but that sounds like it will theoretically work.
Feel free to squash my dreams, but that sounds like it will theoretically work.
Yes, that should work. A few other widget developers have implemented that sort of system for their own widgets.
I didnt use the '_parent.' of url = _parent.banner; from the simple banner code.. as its not there, so whats the fundamental difference here.. if you wouldnt mind explaining.
The difference is that the Actionscript referring to the "banner" property in the SimpleBanner movie is on the main timeline, while the Actionscript that does the webcam functionallity is on a clip one level down. The Control Panel puts the variable on the top level - any submovies must use specify a path that resolves to the main timeline to access that variable.
Just to check, in the most relevant thread, what should the crossdomain.xml include?
An entry for Chumby.com? Anything else?
matt
If you want it to work with chumby widgets, then add "*.chumby.com". If you want the data available to Flash movies from other domains, add those domains. If you want to make the data available to Flash movies from *all* domains, add "*".
chumbysphere forum → Flash/Widget → crossdomain.xml
Powered by PunBB, supported by Informer Technologies, Inc.