Skip to content
This repository has been archived by the owner on Jul 3, 2019. It is now read-only.

Accessing SWFs from Remote Sites

Jump to bottom
rugk edited this page Oct 27, 2015 · 11 revisions

The inspector is published as part of the live demos at http://mozilla.github.io/shumway/examples/inspector/inspector.html (or, its mirror, http://www.areweflashyet.com/shumway/examples/inspector/inspector.html)

It is possible to use the inspector from the sites above, if local installation of Shumway is not possible. There are several ways to do so. They are ordered by security risk they can introduce -- read comments carefully.

Save SWF Locally

This is a safe and preferable method to test your SWFs, if it's not possible to install the Shumway locally.

  1. Download the SWF file;
  2. Open the inspector;
  3. Click "Browse..." button;
  4. Select and open the saved SWF file.

Setting CORS HTTP Headers on the Remote Web Site

The inspector allows to specify the SWF file using "rfile" query parameter (see Debugging and Configuring Shumway). The specified file is requested using XMLHttpRequest and subject to CORS restrictions. Read more at http://enable-cors.org/index.html. It is possible to enable access located at the remote site (site that contains the SWF file) from the mozilla.github.io or www.areweflashyet.com domains.

Example: if the .htaccess file is placed at the www.areweflashyet.com:

Header set Access-Control-Allow-Origin "http://mozilla.github.io"
Header set Access-Control-Allow-Headers "If-Modified-Since"

It will be possible to play file at www.areweflashyet.com using mozilla.github.io's inspector: http://mozilla.github.io/shumway/examples/inspector/inspector.html?rfile=http%3A//www.areweflashyet.com/shumway/examples/pac/pac3.swf (Please notice the : character is replaced by %3A code)

Enable System XHR in Firefox

WARNING: This method opens the HTTP access for any script located at www.areweflashyet.com. Please use it with care and only on non-production systems.

If you trust www.areweflashyet.com, you can allow unlimited resource access for scripts from this host. Open the error console (Web Developer->Browser/Error Console, see also https://developer.mozilla.org/en-US/docs/Tools/Browser_Console#Browser_Console_command_line) and execute:

host = "http://www.areweflashyet.com";
perm = Components.classes["@mozilla.org/permissionmanager;1"]
                 .createInstance(Components.interfaces.nsIPermissionManager);
ios = Components.classes["@mozilla.org/network/io-service;1"]
                .getService(Components.interfaces.nsIIOService);
uri = ios.newURI(host, null, null);
perm.add(uri, "systemXHR", 1); /* Use 0 to revoke the permission */
"Successfully added systemXHR permissions for "+host;

Now you can access http://www.areweflashyet.com/shumway/examples/inspector/inspector.html?rfile=http%3A//mozilla.github.io/shumway/examples/pac/pac3.swf

Disable Web Security in the Chrome

WARNING: This method opens the unlimited HTTP resource access for any script. Please use it with care and only on non-production systems.

Running Chrome executable with --disable-web-security switch disables restrictions introduced by CORS. You can specify any URL there (and any web site/script can do so as well).

Mozilla 2019

Clone this wiki locally