Allowing HTTP -> HTTPS access on WebSocketMainInsecure.swf.hixie-76

4 files changed, 4 insertions, 1 deletions

diff --git a/WebSocketMain.swf b/WebSocketMain.swf
index 657c762..59c1688 100644
--- a/WebSocketMain.swf
+++ b/WebSocketMain.swf
diff --git a/WebSocketMainInsecure.zip b/WebSocketMainInsecure.zip
index 560a8d4..69679f8 100644
--- a/WebSocketMainInsecure.zip
+++ b/WebSocketMainInsecure.zip
diff --git a/flash-src/build.xml b/flash-src/build.xml
index b9f9a70..178f719 100644
--- a/flash-src/build.xml
+++ b/flash-src/build.xml
@@ -1,7 +1,7 @@
 <?xml version="1.0" encoding="utf-8"?>
 
 <!--
-  Ant build file which provides Yet another way (other than build.sh) to build SWF files.
+  Ant build file which provides yet another way (other than build.sh) to build SWF files.
   
   You need to copy build.properties.sample to build.properties and change FLEX_HOME
   for your environment.
diff --git a/flash-src/src/net/gimite/websocket/WebSocketMainInsecure.as b/flash-src/src/net/gimite/websocket/WebSocketMainInsecure.as
index e845839..de75c9b 100644
--- a/flash-src/src/net/gimite/websocket/WebSocketMainInsecure.as
+++ b/flash-src/src/net/gimite/websocket/WebSocketMainInsecure.as
@@ -11,6 +11,9 @@ public class WebSocketMainInsecure extends WebSocketMain {
 
   public function WebSocketMainInsecure() {
     Security.allowDomain("*");
+    // Also allows HTTP -> HTTPS call. Since we have already allowed arbitrary domains, allowing
+    // HTTP -> HTTPS would not be more dangerous.
+    Security.allowInsecureDomain("*");
     super();
   }