I made a blog widget in flex. I need manipulate cookie in my widget which is added to my user's blog. But under some circumstance, some blog hosts forbid accessing to javascript, so i can not access cookie in flex by externalInterface. Does anyone know how to access cookie in this context? thanks.
You need to set allowScriptAccess to "*" in your embed code. Unfortunately, you cannot allow access on a per domain basis, so it's all or nothing. However, the owner of the blog might not want to grant this privilege, in which case you just cannot count on having access to Javascript from your swf.
PS: If you are allowed to serve a swf from the same domain with granted access to Javascript, you might be able to use it as proxy for sending the data retrieved with javascript to the swf served from the other domain. Not sure if this is the best idea, though.
My answer is, you can't access browser cookies from the Flash Player. The ExternalInterface usage is kind of a hack.
Based on the error, it sounds like your SWF is being served from a different domain than the web page that contains it. Is that true? If so, that is the cause of the error. Isn't that the same sort of approach that "Cross Site Scripting" exploits use?
You can allow JavaScript to access it's HTML wrapper from a different domain by specifying the allowScriptAccess to always in the SWF embed code. More info in the Adobe docs.
You can try adding a crossdomain.xml file to the main site, although I did not think that would have an effect because I'm pretty sure that ExternalInterface usage is not a crossdomain.xml checking case.
I'm curious as to where the cookie is coming from. If your Flex application is creating the cookie via a SharedObject then you don't need javascript to access it. If the cookie is coming from another application/source then to my knowledge, the only real way to access it is via the javascript externalinterface method.
Related
As the title says, how would I go about doing this? I want to check a value stored in a file.
This is impossible and has nothing to do with ASP .NET. The browser is responsible for rendering the page to the client, and browsers, for obvious reasons (security), don't have access to the user's file system. The only thing a browser can do, is read cookies (essentially text files) sent to the user from the same domain the website belongs to.
HTML5 has a new feature called local storage but you still won't be able to access ANY file on the user's computer.
Using Javascript with ASP.Net applications can work quite well, I've done it for a couple of sites I've done. If you just want to run some code on the client when a checkbox is ticked for instance, try this...
replace the myFunction() portion out with whatever client side code you want to write.
If you unfamiliar with Javascript as a language, check this out... http://www.w3schools.com/js/default.asp
You can do that using ActiveX control or SilverLight
Some are saying it's not possible, and that is true for the Internet. However, I have done this before on an Intranet system. The server knew the users computer name and could access a local configuration file, no ActiveX, no Silverlight.
How do I programatically detect from Flex/Actionscript the STRING representing the current security domain, as used by LocalConnection.AllowDomain?
http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/net/LocalConnection.html?filter_flex=4.1&filter_flashplayer=10.1&filter_air=2
I'm unclear if this answers your question, but to get the domain that hte SWF is being served from use Application.url to get the URL Serving the SWF and then use URLUtils.getServerName to get the actual domain.
The LocalConnection class also has a domain property, which looks like a shortcut for the above if you're using a LocalConnection.
I believe either of those will give you the current domain. It sounds like you want to know the name of the domain trying to access your SWF, though. If so, I do not know of a way to get that information.,
I have a flex app running on my server.
I have had a request from some clients to have the swf loaded on their server, so that their customers dont have to be transferred to my server to login; i.e. from the user's point of view it looks like they are logging in from theirsite.com instead of mysite.com
I tried something really simple, and that was to give them a html wrapper to host on their site. The only modification that I made was to change the "src" var to:
"src", "https://www.mysite.com/app/myapp.swf"
and
embed src="https://www.mysite.com/app/myapp.swf"
To my surprise, this worked perfectly. And best of all, the service calls still seem to come from mysite.com, so I dont have to bother with modifying the crossdomain.xml file.
All good it seems.
Are there any issues or downsides to the above that I should be aware of?
If you're doing an ExternalInterface calls to JavaScript in the enclosing page, this may cause a security error; since the SWF from your domain shouldn't be able to access HTML content served from your client's domain.
I expect that is a fringe case though. Aside from that, what you're doing is not much different than what YouTube does. I've done the same thing with The Flex Show player. I don't think you'll have any issues. And I do not believe that this approach makes your app any less (or less) secure.
Is there a way to programmatically set the name of a file to be uploaded from a web page? I suspect that browser security restrictions make this impossible, but I'm hoping someone will prove me wrong.
I have a web application that needs to let the administrator upload HTML. The admin selects the HTML file, then the app uploads that file, plus figures out all the supporting files (images, stylesheet, etc) and uploads them too. There doesn't seem to be a way to programmatically upload the supporting files from a web page, since the user has to specify each file explicitly.
Currently I have a separate Windows app to do this, but it would be ideal to have this functionality integrated with the rest of the app. My back end is ASP.NET with C#.
There is no way to programatically grab files from a user's computer via the browser. This would be a security violation if a website could just grab things.
Yes you can (in modern browsers)...
You can get and set the value of HTMLInputElement.files.
See this answer.
No, you cannot do this without a client-side application or special plug-in.
Browser security doesn't allow the server to obtain information about the hard drive contents of the client.
You may be able to do this using some form of browser plug-in. This is more work for you (and there are potential security implications for this beyond those found when you just have users run your app). However, it may prevent a more integrated experience for your users. I'd hesitate to eliminate the application completely, though. Browser compatibility issues are common.
Imagine you have a large number of video files stored on a server, and a Flex app which lets users play those videos they have access to. How can you best set this up? Wouldn't the Flex app just be sent the name of the video to play... in which case couldn't someone else write another flex app if they knew the file names? Can Flex play videos hosted on other sites? Is there some clever piece on the server I'm missing, which sits between the Flex video player and the files?
Ask users to log-in with a username and password - you can use OpenID if you want.
Update:
Set the crossdomain.xml of your server in such a way that only Flash movies from your domain can access content from there.
You can write a server-side script (in PHP or something else) that serves the file only if your user is allowed to see it (how to determine that you'll have to come up with yourself). This is a bit of a performance hit, although not so much if you use PHP's readfile().
Can Flex play videos hosted on other sites?
Your crossdomain.xml can control this. e.g. myvideoserver.com/crossdomain.xml would contain entries based on who you want to grant access to, like myflexserver.com. Then just ripping off your main flex application wouldn't give them access to your video files.