Supporting cross-domain SWF.

author: Hiroshi Ichikawa <gimite@gmail.com> 2010-09-02 23:49:34 +0900
committer: Hiroshi Ichikawa <gimite@gmail.com> 2010-09-02 23:49:34 +0900
commit: 9e766377188d461f2046d951cc12645d457eb8e8 (patch)
tree: 734aa166d25a30b49ee23fb557624616922721f5
parent: 1d0df76b4da4ba4071879e435a4de3512fd3853e (diff)
download: web-socket-js-9e766377188d461f2046d951cc12645d457eb8e8.tar.gz
8 files changed, 40 insertions, 4 deletions
diff --git a/README.txt b/README.txt
index b01cbb7..2e32ea7 100644
--- a/README.txt
+++ b/README.txt
@@ -84,6 +84,17 @@ The AS3 Socket class doesn't implement this mechanism, which renders it useless
 The class RFC2817Socket (by Christian Cantrell) effectively lets us implement this, as long as the proxy settings are known and provided by the interface that instantiates the WebSocket. As such, if you want to support proxied conncetions, you'll have to supply this information to the WebSocket constructor when Flash is being used. One way to go about it would be to ask the user for proxy settings information if the initial connection fails.
 
 
+* How to host HTML file and SWF file in different domains
+
+By default, HTML file and SWF file must be in the same domain. You can follow steps below to allow hosting them in different domain.
+
+WARNING: If you use the method below, HTML files in ANY domains can send arbitrary TCP data to your WebSocket server, regardless of configuration in Flash socket policy file. Arbitrary TCP data means that they can even fake request headers including Origin and Cookie.
+
+- Unzip WebSocketMainInsecure.zip to extract WebSocketMainInsecure.swf.
+- Put WebSocketMainInsecure.swf on your server, instead of WebSocketMain.swf.
+- In JavaScript, set WEB_SOCKET_SWF_LOCATION to URL of your WebSocketMainInsecure.swf.
+
+
 * How to build WebSocketMain.swf
 
 Install Flex 4 SDK:
diff --git a/WebSocketMain.swf b/WebSocketMain.swf
index cadefcf..e7e91d7 100644
--- a/WebSocketMain.swf
+++ b/WebSocketMain.swf
diff --git a/WebSocketMainInsecure.zip b/WebSocketMainInsecure.zip
new file mode 100644
index 0000000..a74178d
--- /dev/null
+++ b/WebSocketMainInsecure.zip
diff --git a/flash-src/WebSocketMain.as b/flash-src/WebSocketMain.as
index 41991e7..17ee694 100644
--- a/flash-src/WebSocketMain.as
+++ b/flash-src/WebSocketMain.as
@@ -1,7 +1,7 @@
 // Copyright: Hiroshi Ichikawa <http://gimite.net/en/>
 // License: New BSD License
 // Reference: http://dev.w3.org/html5/websockets/
-// Reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-31
+// Reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
 
 package {
 
diff --git a/flash-src/WebSocketMainInsecure.as b/flash-src/WebSocketMainInsecure.as
new file mode 100644
index 0000000..ea377be
--- /dev/null
+++ b/flash-src/WebSocketMainInsecure.as
@@ -0,0 +1,19 @@
+// Copyright: Hiroshi Ichikawa <http://gimite.net/en/>
+// License: New BSD License
+// Reference: http://dev.w3.org/html5/websockets/
+// Reference: http://tools.ietf.org/html/draft-hixie-thewebsocketprotocol-76
+
+package {
+
+import flash.system.*;
+
+public class WebSocketMainInsecure extends WebSocketMain {
+
+  public function WebSocketMainInsecure() {
+    Security.allowDomain("*");
+    super();
+  }
+  
+}
+
+}
diff --git a/flash-src/build.sh b/flash-src/build.sh
index d7b7577..9a4a732 100755
--- a/flash-src/build.sh
+++ b/flash-src/build.sh
@@ -3,4 +3,8 @@
 # You need Flex 4 SDK:
 # http://opensource.adobe.com/wiki/display/flexsdk/Download+Flex+4
 
-mxmlc -static-link-runtime-shared-libraries -output=../WebSocketMain.swf WebSocketMain.as
+mxmlc -static-link-runtime-shared-libraries -output=../WebSocketMain.swf WebSocketMain.as &&
+mxmlc -static-link-runtime-shared-libraries -output=../WebSocketMainInsecure.swf WebSocketMainInsecure.as &&
+cd .. &&
+zip WebSocketMainInsecure.zip WebSocketMainInsecure.swf &&
+rm WebSocketMainInsecure.swf
diff --git a/sample.html b/sample.html
index 9d2c920..6a2ad7f 100644
--- a/sample.html
+++ b/sample.html
@@ -17,7 +17,9 @@
     WEB_SOCKET_SWF_LOCATION = "WebSocketMain.swf";
     // Set this to dump debug message from Flash to console.log:
     WEB_SOCKET_DEBUG = true;
-
+    
+    // Everything below is the same as using standard WebSocket.
+    
     var ws;
     
     function init() {
diff --git a/web_socket.js b/web_socket.js
index b055d52..ad65dd1 100644
--- a/web_socket.js
+++ b/web_socket.js
@@ -326,7 +326,7 @@
     swfobject.embedSWF(
       WEB_SOCKET_SWF_LOCATION, "webSocketFlash",
       "1" /* width */, "1" /* height */, "9.0.0" /* SWF version */,
-      null, {bridgeName: "webSocket"}, {hasPriority: true}, null,
+      null, {bridgeName: "webSocket"}, {hasPriority: true, allowScriptAccess: "always"}, null,
       function(e) {
         if (!e.success) console.error("[WebSocket] swfobject.embedSWF failed");
       }
author	Hiroshi Ichikawa <gimite@gmail.com>	2010-09-02 23:49:34 +0900
committer	Hiroshi Ichikawa <gimite@gmail.com>	2010-09-02 23:49:34 +0900
commit	9e766377188d461f2046d951cc12645d457eb8e8 (patch)
tree	734aa166d25a30b49ee23fb557624616922721f5
parent	1d0df76b4da4ba4071879e435a4de3512fd3853e (diff)
download	web-socket-js-9e766377188d461f2046d951cc12645d457eb8e8.tar.gz