Comments on: Flash Player 9.0.124 beta allows testing against security model changes

By: Josh Strike

Josh Strike — Tue, 08 Jul 2008 00:18:33 +0000

Something’s wrong here…
I’ve been using the ,124 player for two months now — all my AMFPHP sites use tight crossdomain files but… only specifically granting allow-access-from-domain.
NOWHERE in any of my policy files is an allow-http-request-headers-from-domain tag; yet my sites haven’t stopped working. Many of them use a relative path to the gateway file, which is on the same server, but not all of them. Some, like sexypolitics.com, open netconnections to gateways on numerous other servers at the same time, and these, using ONLY an allow-access-from-domain tag in their policy files, still work just fine.
You do NOT need the allow-http-request-headers-from-domain tag.

By: Jacob Wright

Jacob Wright — Mon, 07 Apr 2008 23:10:21 +0000

Andras, the downloadable player in the “Adobe Add-Ons” package is the debug player.

Wade, I’ve been testing with the newest player (downloaded today, v9.0.124) and am not getting any security errors when I omit the header tag. Are you sure this version is the one we can test with? And if so, are you sure that AMFPHP will be affected.

My tests were for both same-domain AMF calls and cross-domain calls. The same-domain calls worked perfectly with NO crossdomain.xml. The cross-domain calls worked with the regular crossdomain.xml file without the new tags:

Just reporting my findings. If you have any ideas let me know!

By: wadearnold

wadearnold — Mon, 07 Apr 2008 00:39:59 +0000

If you are not using Flash Switcher yet for your development you really need to check it out! Check out the link above!

By: andras

andras — Mon, 07 Apr 2008 00:12:09 +0000

Have you any info about when the debug version of the player is coming? For testing purposes it would be much more efficient.

Actionscript rocks!

Andrew