Can't load swf from an external domain #170

Closed
extempl opened this Issue Jun 6, 2013 · 4 comments

Comments

Projects
None yet
2 participants

extempl commented Jun 6, 2013

It loads, but don't work.
On hover it throws an error:

Uncaught Error: Error calling method on NPObject. ZeroClipboard.js:179
    ZeroClipboard.setSize ZeroClipboard.js:179
    ZeroClipboard.reposition ZeroClipboard.js:258
    ZeroClipboard.setCurrent ZeroClipboard.js:163
    _elementMouseOver ZeroClipboard.js:36

The same thing happens when I try load it from base64 (btw, is it real?)

extempl commented Jun 7, 2013

Already tried it. It's don't work.
http://screencast.com/t/3cLc5t3t

Owner

JamesMGreene commented Jun 7, 2013

Your problem is that you are including the SWF from a secure domain (HTTPS) and trying to script it from an insecure domain (HTTP). This is intentionally not supported for security's sake.

You can do a few things:

  1. In the trustedDomains option, begin your domain name with the protocol explicitly listed, e.g. http://newed.grammarly.com. This actually should not work if Flash security is working correctly but I've never verified it.
  2. Request the SWF from S3's HTTP protocol instead of HTTPS. If the page's protocol can vary (e.g. auth/unauth, staging/production, etc.), you should include add the SWF with a relative protocol (//s3...) instead of an absolute protocol (https://s3...).
  3. Serve the page over HTTPS. See the note on (2) if the protocol will need to vary.
  4. Change the ActionScript to call the allowInsecureDomain method, then recompile the SWF with your custom changes.
Owner

JamesMGreene commented Jun 10, 2013

We should add this clarification to the docs, I thought it was already stated somewhere. My bad.

JamesMGreene reopened this Jun 10, 2013

JamesMGreene was assigned Jun 10, 2013

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment