||[Oct. 28th, 2005|03:25 pm]
LiveJournal Client Discussions
I'm trying to create an LJ client in Flash, and I'm hitting a small problem due to the security model of the Flash Player.|
For Flash to load data from a different domain to the one that hosts the compiled swf file, a crossdomain.xml file needs to be placed on the server with the data, in this case www.livejournal.com. There's no way around that - its basically Flash's way of stopping cross site scripting.
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<allow-access-from domain="www.company.com" />
I need this file on a server to continue work. In the short term, is there a test site that could have this file placed on it. In the long term, what is the likelihood that I can get this file deployed onto the live livejournal.com website?
Flex Live Docs: http://livedocs.macromedia.com/flex/15/flex_docs_en/00000894.htm
Macromedia Technote: http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_14213
 I'm actually using Macromedia Flex, but its the same thing once compiled.
As I said previously, I understand and agree with the concerns regarding security :)
But the developers of Flash didn't put a blanket ban on data access from other domains - they saw that sometimes people would want to utilise resources and data from other servers. So they allowed the server to determine who could use those resources, rather than the client. Clients get to use other sources of data, servers get to control who can access it - its a good compromise.
I've used the crossdomain.xml file in other situations to allow access to certain domains, that's why I initially suggested it as an option.
LiveJournal deserves a lot of kudos for providing an API to work against, and I'm not trying to suggest that they suddenly open up their doors to anyone who wants access. I'm just trying to see if there is a way for Flash developers to hook into the same system that Python, PHP, ColdFusion (et al), developers have access to - without them having to write their own proxy interface to the livejournal server.
This is less about wanting something for my project, and more about making LJ better in some small way. Isn't that part of the point of open source software?
Even if something was to be decided here, ultimately the complete cycle of development, QA and release would be to slow for me to use it in my current project.