Replies: 1 comment
-
I thought that #1486 was a good idea, personally. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Many flash games retrieve files from sources that CORS protects. Flash didn't use CORS, they used crossdomain.xml, so while Flash may have been able to access them, Ruffle can't since it is forced to use CORS.
The purpose of this discussion is to brainstorm ideas to get around CORS in a secure way.
Idea 1: Bypass CORS completely when using the extension, and then use crossdomain.xml instead. The idea here is basically to replicate exactly what Flash does. The only downside to this idea is that it will only work when using the extension, and not for self-hosts. However, this is not a bad thing, since self-hosted websites are more likely not to have CORS issues since the website owner can fix them. The crossdomain.xml will be handled completely by the extension, rather than Ruffle itself. This might seem like a security risk, but as long as we handle
crossdomain.xml
properly, I think this should be secure.Idea 2: Create specific solutions to specific problems. This idea is less risky than the first idea, however, it won't work as well. One problem that I have seen recently appear in AS3 flash games is attempting to retrieve SWZ files from
http://fpdownload.adobe.com/
, which is problematic since Ruffle cannot retrieve files from there due to CORS. The solution to this specific problem is to create a mirror for the website that does not have the same restrictions.Beta Was this translation helpful? Give feedback.
All reactions