Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
If you want to use content on another server, that server needs to host a crossdomain.xml file allowing access. If this file isn’t there, flash won’t let you access it. Given that it’s easy enough to just write a proxy (say a php script that curls the external URLs) what is the purpose of this restriction? It seems that the content is still 100% available to external people, but there is just one extra hoop to jump through. What am i missing?
If Flash just did the request flat out without asking for permission first it would be possible to do what is called Cross site request forgery.
It basically means that since the request is coming from your computer, it will come with your cookies. So by accessing a known url, say gmail, I could pretend to be you. And since it’s all well hidden within a .swf you’d never know what happened.
However, if the request goes through a proxy on another server (normally the same server that is hosting the swf) none of those cookies will be present and everything is nice and safe.