I’m building a Flash based RSS reader, to be run on a kisok, but it’s getting tripped up by crossdomain issues.
In the abstract: SWF loads local TXT file containing paths of remote RSS feeds (XML files), then loads the feeds stored at those remote paths.
Something like this pseudocode:
// feed_reader.swf loads local TXT file containing paths: txtobj.load('settings.txt'); // on successfully loading TXT file, feed_reader.swf gets the remote path stored there, // (e.g. txtobj.xmlpath would contain 'http://sports.espn.go.com/espn/rss/oly/news') // and loads the feed stored there: xmlobj.load(txtobj['xmlpath']);
In standalone Flash Players, this works. In browsers, it fails to load the feed. I checked the crossdomain policy file that showed up in Safari’s Activity Monitor, and it contains this:
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>
I was under the impression that an single asterisk/wildcard in quotes would mean any domain could access content on that server. But it’s not working that way.
I’ve tried changing the Publish Settings to “Access Local Files Only,” and “Access Network Only,” to no avail. I’ve also tried adding all of the relevant files to the trust list in Macromedia’s Global Security Settings page.