April Flash Player Update breaks AMFPHP
Updated: crossdomain.xml fixes amfphp for april flash player release
In April Adobe will release a new version of the Flash Player that now requires policy files for certain actions. If you are using AMFPHP you will need to add a crossdomain.xml file to your website to allow the sending and receiving of custom headers from flash to your server. Please make sure that you have a policy file in the document root of the web server that hosts your amfphp services on.
Here is an example crossdomain.xml policy file that will do the trick! Update the domain name to the name of the webserver that hosts your swf file.
Eventually I will walk through all the headers that AMFPHP needs an update this policy file and add it to the template. If you want the new player now it is included in the Flex 3 Beta SDK download. 22mb. You can get it installed and test that your application works! Update:Flash Player 9.0.124 beta allows testing against security model changes
I know this is a little off topic but since we all looking at a new version of flash player, when do you think we will see a new version of amfphp. Preferably with built in authentication?
Does anyone know where to find a player that we can test with? The link above contains fp 9,0,115,0
Hey Wade,
You know, I took that crossdomain file a loaded it into my webserver, but it totally blocked my AMFPHP apps. When I took out the tags, it works now. But what’s up with that? Did I do something wrong? The only change I made prior to that was to set the domain properties to “*” rather than “*.yourdomain.com”
The editor stripped out the tags I was referring to the tags were “site-control permitted-cross-domain-policies=”all”"
Hate to bug you about this, Wade, but do you have any ideas on this one? We’re all kind of at your mercy here…
If you add a * it means that all domain names are able to post to your AMFPHP installation. This makes it work like before the security model was implemented. If you do not use a subdomain in your gateway url such as http://www.domain.com then you do not need to have the *.domain.com. The easiest thing to do is use the exact same top level domain URL that you use in your services-config.xml or NetConnection.connect statement. If you are still getting an error email me the URL and config file that you are using.
Wade,
that newest/test Flash Player is in Flex 3 Beta download, but it’s not in 22MB bundle. It’s actually ‘Adobe Add-ons for Open Source Flex SDK’ bundle that is about 55MB. That’s also mentioned in http://opensource.adobe.com/wiki/display/flexsdk/Downloads.
Thank you for your post. Please would you update it with the above.
thxx