Flash security settings cannot be changed

[Eugene Lazutkin]

dojox\embed\Flash.js defines security settings as constants:

swLiveConnect: "true",
allowScriptAccess: "sameDomain",
allowNetworking:"all",

Specifically allowScriptAccess: "sameDomain" prevents using SWF files from Google/AOL CDN.

It would be nice if these settings can be overwritten by user.

[Mike Wilcox]

Look at FileUploader?, line 1279. That will show you how to set those parameters.

[Mike Wilcox]

That was not meant to be rude :) FileUploader? is always a good reference for using Flash. But here is a quick example:

var args = {
	expressInstall:true,
	path: this.swfPath.uri || this.swfPath,
	width: w,
	height: h,
	allowScriptAccess:"always",
	allowNetworking:"all",
	vars: {
		isDebug: this.isDebug,
		devMode:this.devMode
	},
	params: {
		scale:"noscale",
		wmode:"opaque"
	}

};
this.flashObject = new dojox.embed.Flash(args, this.domNode);

[Eugene Lazutkin]

Personally I don't care about FileUploader. I care about dojox.av.FLVideo. dojox.embed.Flash is used there, but I fail to see how I can add/change missing parameters. I suspect that dojox.av.FLAudio has the same problem.

And it is not an enhancement, but rather a bug that renders dojox.av.FLVideo completely unusable from CDN or from a different domain. The simple fix (allowScriptAccess: "always") helps.

[Mike Wilcox]

Ok, so this was about av.FLVideo, not about embed.Flash. embed.Flash seems fine.

[Mike Wilcox]

(In [22531]) Fixes #11468 allowed ability to set security settings, and also added them in as defaults (so one likely shouldn't have to)

[Mike Wilcox]

(In [22532]) Refs #11468 - Uploader was missing some security settings. It was surprising that it worked before.