Flash Player 9.0.124 beta allows testing against security model changes
Trying to find a way to test your sites compatible with the new Flash Player security model! The newest/test Flash Player is in Flex 3 Beta download called ‘Adobe Add-ons’ for Open Source Flex SDK bundle that is about 58MB. You can download here: http://opensource.adobe.com/wiki/display/flexsdk/Download+Flex+3
Download the latest nightly build as the milestone release has the released Flash Player 9.0.115.
Adobe Add-ons for Open Source Flex SDK – This package contains all of the items that are in the Adobe Flex SDK and not in the Open Source Flex SDK. Downloading this file will allow you to bring the Open Source Flex SDK to parity with the Adobe Flex SDK. This package includes the Adobe Flash Player, Adobe AIR, the advanced font encoding libraries, and the code that allows licensing of things like the Data Visualization components. All of these elements are licensed under the Adobe Flex SDK license.
I downloaded the nightly build from and traversed the extracted zip for my windows computer to
flex_sdk_3.0.1.1092_add-on\runtimes\player\win\Install Flash Player 9 Plugin.exe
ran the installer and was up and running with Flash player 9.0.124 installed in Mozilla.
Preparing for the Flash Player 9 April 2008 Security Update
Read this post for how to make changes for amfphp:
Updated: crossdomain.xml fixes amfphp for april flash player release
Thanks Peter Kehl for getting me an updated link!
Check Out Flash Switcher a firefox plugin that allows you to run lots of flash player versions. This way you can use this for testing but keep your debug player installed as the default for Flex Builder!
Have you any info about when the debug version of the player is coming? For testing purposes it would be much more efficient.
Actionscript rocks!
Andrew
If you are not using Flash Switcher yet for your development you really need to check it out! Check out the link above!
Andras, the downloadable player in the “Adobe Add-Ons” package is the debug player.
Wade, I’ve been testing with the newest player (downloaded today, v9.0.124) and am not getting any security errors when I omit the header tag. Are you sure this version is the one we can test with? And if so, are you sure that AMFPHP will be affected.
My tests were for both same-domain AMF calls and cross-domain calls. The same-domain calls worked perfectly with NO crossdomain.xml. The cross-domain calls worked with the regular crossdomain.xml file without the new tags:
Just reporting my findings. If you have any ideas let me know!
Something’s wrong here…
I’ve been using the ,124 player for two months now — all my AMFPHP sites use tight crossdomain files but… only specifically granting allow-access-from-domain.
NOWHERE in any of my policy files is an allow-http-request-headers-from-domain tag; yet my sites haven’t stopped working. Many of them use a relative path to the gateway file, which is on the same server, but not all of them. Some, like sexypolitics.com, open netconnections to gateways on numerous other servers at the same time, and these, using ONLY an allow-access-from-domain tag in their policy files, still work just fine.
You do NOT need the allow-http-request-headers-from-domain tag.