Permalink
Browse files

Supporting cross-domain SWF.

  • Loading branch information...
1 parent 1d0df76 commit 9e766377188d461f2046d951cc12645d457eb8e8 @gimite gimite committed Sep 2, 2010
View
@@ -84,6 +84,17 @@ The AS3 Socket class doesn't implement this mechanism, which renders it useless
The class RFC2817Socket (by Christian Cantrell) effectively lets us implement this, as long as the proxy settings are known and provided by the interface that instantiates the WebSocket. As such, if you want to support proxied conncetions, you'll have to supply this information to the WebSocket constructor when Flash is being used. One way to go about it would be to ask the user for proxy settings information if the initial connection fails.
+* How to host HTML file and SWF file in different domains
+
+By default, HTML file and SWF file must be in the same domain. You can follow steps below to allow hosting them in different domain.
+
+WARNING: If you use the method below, HTML files in ANY domains can send arbitrary TCP data to your WebSocket server, regardless of configuration in Flash socket policy file. Arbitrary TCP data means that they can even fake request headers including Origin and Cookie.
+
+- Unzip WebSocketMainInsecure.zip to extract WebSocketMainInsecure.swf.
+- Put WebSocketMainInsecure.swf on your server, instead of WebSocketMain.swf.
+- In JavaScript, set WEB_SOCKET_SWF_LOCATION to URL of your WebSocketMainInsecure.swf.
+
+
* How to build WebSocketMain.swf
Install Flex 4 SDK:
View
Binary file not shown.
View
Binary file not shown.
@@ -1,7 +1,7 @@
// Copyright: Hiroshi Ichikawa <http://gimite.net/en/>
// License: New BSD License
// Reference: http://dev.w3.org/html5/websockets/
-// Reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-31
+// Reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
package {
@@ -0,0 +1,19 @@
+// Copyright: Hiroshi Ichikawa <http://gimite.net/en/>
+// License: New BSD License
+// Reference: http://dev.w3.org/html5/websockets/
+// Reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
+
+package {
+
+import flash.system.*;
+
+public class WebSocketMainInsecure extends WebSocketMain {
+
+ public function WebSocketMainInsecure() {
+ Security.allowDomain("*");
+ super();
+ }
+
+}
+
+}
View
@@ -3,4 +3,8 @@
# You need Flex 4 SDK:
# http://opensource.adobe.com/wiki/display/flexsdk/Download+Flex+4
-mxmlc -static-link-runtime-shared-libraries -output=../WebSocketMain.swf WebSocketMain.as
+mxmlc -static-link-runtime-shared-libraries -output=../WebSocketMain.swf WebSocketMain.as &&
+mxmlc -static-link-runtime-shared-libraries -output=../WebSocketMainInsecure.swf WebSocketMainInsecure.as &&
+cd .. &&
+zip WebSocketMainInsecure.zip WebSocketMainInsecure.swf &&
+rm WebSocketMainInsecure.swf
View
@@ -17,7 +17,9 @@
WEB_SOCKET_SWF_LOCATION = "WebSocketMain.swf";
// Set this to dump debug message from Flash to console.log:
WEB_SOCKET_DEBUG = true;
-
+
+ // Everything below is the same as using standard WebSocket.
+
var ws;
function init() {
View
@@ -326,7 +326,7 @@
swfobject.embedSWF(
WEB_SOCKET_SWF_LOCATION, "webSocketFlash",
"1" /* width */, "1" /* height */, "9.0.0" /* SWF version */,
- null, {bridgeName: "webSocket"}, {hasPriority: true}, null,
+ null, {bridgeName: "webSocket"}, {hasPriority: true, allowScriptAccess: "always"}, null,
function(e) {
if (!e.success) console.error("[WebSocket] swfobject.embedSWF failed");
}

0 comments on commit 9e76637

Please sign in to comment.