[Papervision3D] Feel free to use nocrossdomain.com

Thomas Saunders tasaunders at gmail.com
Tue Jan 1 23:49:26 PST 2008 

Hi Nathan,

I'm not sure how this helps out the community.  There have been problems
with the BitmapData.draw() method in PV3D (especially with the beta player's
release) which has made the VideoStreamMaterial essentially null.  But this
doesn't really address the current security problems in PV3D

I don't see how nocrossdomain.com would help anyone when loading content
from another server.  If you've got to do that, and you have permissions to
the server being accessed, it's not too hard to add a crossdomain.xml to
that server's root and flag your loader to checkPolicyFile is true.

If you don't have permissions (I.E. *its not your server!*) then you'll get
a text feed with no images, because of the security restrictions in the
BitmapData.draw() method.

Perhaps they are there for a reason.

This isn't Adobe's problem with security, it's Adobe covering their asses.

If you're more in the realm of linking to others' content without permission
and circumventing the flash 9 player's security features in doing so,
perhaps your site may be of use. But I'm not really sure about the ethics of
doing as such.

Also, just writing a simple subvertSecurity.php for yourself would be more
efficient.

I'm no apologist for Adobe in any way, and I think their path towards
"content security" is very ill.  But there are better ways to fight it.

Just some thoughts!!

thomas

Message: 5
Date: Wed, 02 Jan 2008 14:34:34 +1100
From: Nathan de Vries <nathan at atnan.com>
Subject: [Papervision3D] Feel free to use nocrossdomain.com
To: papervision3d at osflash.org
Message-ID: <1199244874.6636.46.camel at ooboontoo>
Content-Type: text/plain; charset="us-ascii"

Hi folks,

I've set up a domain called "nocrossdomain.com" which allows Flash
developers to load content into their movies and applications which
otherwise wouldn't be accessible due to Adobe's security sandboxing. It
works by doing a '303 See Other' HTTP redirect to whichever URL is
passed in via the "url" GET parameter. For example:

   http://nocrossdomain.com/?url=http://blog.papervision3d.org/feed

You'll notice that blog.papervision3d.org has no cross domain XML file,
however you will still be able to load the content and run E4X over it.
So long as you're not accessing BitmapData, enabling smoothing on images
or accessing the ByteArray of objects, everything should work nicely.
Unfortunately given the BitmapData constraint, this doesn't work for
images being loaded in and displayed with Papervision, however I figured
it would still be useful for many other services you guys integrate with
in your day-to-day lives.

Feel free to pass this around to fellow Flash developers who are
frustrated with being able to do nothing about SecurityErrorEvents due
to sandboxing by the Flash Player. Hopefully over time, Adobe will
realise that it's not their place to impose intellectual property &
content ownership restrictions on behalf of content providers.


Cheers,
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://osflash.org/pipermail/papervision3d_osflash.org/attachments/20080102/26a254dd/attachment.html

More information about the Papervision3D mailing list