Opened 9 years ago

Closed 9 years ago

Last modified 9 years ago

#11468 closed defect (fixed)

Flash security settings cannot be changed

Reported by: Eugene Lazutkin
Owned by: Mike Wilcox
Priority: high
Milestone: 1.6
Component: Dojox
Version: 1.5
Keywords:
Cc:
Blocked By:
Blocking:

Description

dojox\embed\Flash.js defines security settings as constants:

swLiveConnect: "true",
allowScriptAccess: "sameDomain",
allowNetworking:"all",

Specifically allowScriptAccess: "sameDomain" prevents using SWF files from Google/AOL CDN.

It would be nice if these settings could be overwritten by the user.

Change History (9)

comment:1 Changed 9 years ago by Eugene Lazutkin

Owner: changed from Adam Peller to Mike Wilcox

comment:2 Changed 9 years ago by Adam Peller

Type: changed from defect to enhancement

comment:3 Changed 9 years ago by Mike Wilcox

Resolution: invalid
Status: changed from new to closed

Look at FileUploader, line 1279. That will show you how to set those parameters.

comment:4 Changed 9 years ago by Mike Wilcox

That was not meant to be rude :) FileUploader is always a good reference for using Flash. But here is a quick example:

var args = {
	expressInstall: true,
	path: this.swfPath.uri || this.swfPath,
	width: w,
	height: h,
	// security settings passed as arguments instead of relying on the defaults
	allowScriptAccess: "always",
	allowNetworking: "all",
	vars: {
		isDebug: this.isDebug,
		devMode: this.devMode
	},
	params: {
		scale: "noscale",
		wmode: "opaque"
	}
};
this.flashObject = new dojox.embed.Flash(args, this.domNode);

comment:5 Changed 9 years ago by Eugene Lazutkin

Resolution: invalid
Status: changed from closed to reopened
Type: changed from enhancement to defect

Personally I don't care about FileUploader. I care about dojox.av.FLVideo. dojox.embed.Flash is used there, but I fail to see how I can add/change missing parameters. I suspect that dojox.av.FLAudio has the same problem.

And it is not an enhancement, but rather a bug that renders dojox.av.FLVideo completely unusable from CDN or from a different domain. The simple fix (allowScriptAccess: "always") helps.

comment:6 Changed 9 years ago by Mike Wilcox

Ok, so this was about av.FLVideo, not about embed.Flash. embed.Flash seems fine.

comment:7 Changed 9 years ago by Mike Wilcox

Resolution: fixed
Status: changed from reopened to closed

(In [22531]) Fixes #11468 allowed ability to set security settings, and also added them in as defaults (so one likely shouldn't have to)
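
Added example, not part of the ticket and not Dojo's code: one way to let callers override the Flash security parameters discussed above while keeping defaults, rejecting values Flash Player does not define, and flagging the cross-origin cases the ticket is about. The helper name resolveFlashSecurity, the example hosts, and the use of URL origin as the "same domain" test are assumptions.

```javascript
// Values Flash Player defines for the two embed parameters.
const ALLOWED = {
  allowScriptAccess: ["always", "sameDomain", "never"],
  allowNetworking: ["all", "internal", "none"],
};

// Defaults copied from the ticket description (dojox/embed/Flash.js in 1.5).
const DEFAULTS = { allowScriptAccess: "sameDomain", allowNetworking: "all" };

// Hypothetical helper: returns the effective settings plus review warnings.
// Comparing URL origins is a simplification of Flash's own domain check.
function resolveFlashSecurity(userArgs, swfUrl, pageUrl) {
  const settings = Object.assign({}, DEFAULTS);
  for (const key of Object.keys(ALLOWED)) {
    if (userArgs[key] === undefined) continue; // keep the default
    if (!ALLOWED[key].includes(userArgs[key])) {
      throw new RangeError(key + ": unsupported value " + JSON.stringify(userArgs[key]));
    }
    settings[key] = userArgs[key];
  }
  const crossOrigin = new URL(swfUrl, pageUrl).origin !== new URL(pageUrl).origin;
  const warnings = [];
  if (crossOrigin && settings.allowScriptAccess === "sameDomain") {
    // The situation reported in the ticket: a CDN-hosted SWF cannot reach page script.
    warnings.push("cross-origin SWF cannot call page script with sameDomain");
  }
  if (crossOrigin && settings.allowScriptAccess === "always") {
    // The SWF gains script access to the embedding page: treat it as trusted code.
    warnings.push("cross-origin SWF is granted script access to this page");
  }
  return { settings, crossOrigin, warnings };
}

// Constructed sample inputs (placeholder hosts).
const PAGE = "https://app.example.test/player.html";
const CDN_SWF = "https://cdn.example.test/video.swf";
const cdnDefault = resolveFlashSecurity({}, CDN_SWF, PAGE);
const cdnAlways = resolveFlashSecurity({ allowScriptAccess: "always" }, CDN_SWF, PAGE);
const local = resolveFlashSecurity({}, "resources/video.swf", PAGE);
console.log(cdnDefault.warnings, cdnAlways.warnings, local.warnings);
```

The second warning is the trade-off behind the "simple fix": with "always", whoever controls the CDN-hosted SWF can run script in the embedding page.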

comment:8 Changed 9 years ago by Mike Wilcox

(In [22532]) Refs #11468 - Uploader was missing some security settings. It was surprising that it worked before.

comment:9 Changed 9 years ago by bill

Milestone: changed from tbd to 1.6