Need to find a way to send a delete method from Flash Player (Flex). Currently it's not done by default (except for from AIR), but I am sure someone has augmented the URLRequestHeader to get it to work properly.
I've tried this, it isn't working:
request.requestHeaders = [new URLRequestHeader("X-HTTP-Method-Override",
DELETE_REQUEST_METHOD)];
Due to limitations in NPAPI this is not currently possible. The only work-around in Flash Player is to use the as3httpclientlib that builds a new HTTP client through Socket instead of through the browser networking API.
The docs for HTTPService say it supports the value "DELETE" for it's "method" property.
Related
I'm streaming data from a server and passing it into a net stream in data generation mode. I'm successfully wrapping H264 and PCMU to be played back through NetStream, however I need to be able to capture this output from the video display it's on and store it in an image. When using an RTMP server, I'd configure it to send an RtmpSampleAccess command, with true,true for audio and video access allowed. When using RTMFP I'd do the same, send() a RtmpSampleAccess true,true from the peer to allow access.
I believe I need to send in an FLV tag for a script data object to represent the RtmpSampleAccess command, however I can't find any information on what the format of that tag needs to be. I've tried using the OSMF FLVTagScriptDataObject with the objects set to the following combinations:
["|RtmpSampleAccess", true, true];
["|RtmpSampleAccess", [true, true]];
And various attempts at guessing the naming for object parameters (though looking at the protocol docs, I'm not sure there is one).
Could someone out there help me here, would be much appreciated.
Where you put your Netstream into Data Generation mode you add a second Play command. The second one simply plays "a blank" and for some reason this overrides the security error.
ns.play(null);
ns.play(""); //works to avoid all security errors
ns.appendBytesAction(NetStreamAppendBytesAction.RESET_BEGIN);
Then to draw just setup a button to run the draw_VideoFrame function when clicked, or try real-time drawing with something like below (using enterFrame):
vid_Obj.addEventListener(Event.ENTER_FRAME, draw_VideoFrame);
and then create a function like this example.
function draw_VideoFrame (e:Event) : void
{
vid_BMD.draw( vid_Obj ); //draw into a BitMapData variable
}
I made simple WebRTC application and I think that I understand WebRTC framework. I want to add new feature to my app which allows only for one user share audio/video while the second user does not share video and audio.
How can I do this? What will be difference of standard mechanism?
For this there's no difference in the standard mechanism. When specifying the constraints to getUserMedia() you would specify either {video: false} or {audio: true}. I think you need at least audio, video or data to create an SDP offer. If not, then simply create an SDP answer without attaching any streams.
After connected you can simply disable the audio/video track of the stream using getAudioTracks()/getVideoTracks() of MediaStream. Each track has the enabled property which can be set to true or false.
Do not get MediaStream and do not call peerConnection.addStream() for the user whom you don't want to share his video/audio.
There is one condition if you do this.
You have to add this constraints to peerConnection.createOffer
Firefox:
{ offerToReceiveVideo: true, offerToReceiveAudio: true }
Chrome:
{mandatory: { OfferToReceiveAudio: true, OfferToReceiveVideo: true }}
You should give this constraints while creating offer because by default it will offer to receive only what stream you add.
To decide dynamically who will only send media and only receive media you can use SDP attribute a=sendonly, a=recvonly for corresponding media to signal this or negotiate this between two party.
I have a small multiplayer Flash game in which you can display a player profile by clicking at his or her avatar:
const PROFILE_URL:String = 'http://myserver/user.php?id=';
try {
navigateToURL(new URLRequest(PROFILE_URL+id), '_blank');
} catch(e:Error) {
}
This works well, but now I'd like to extend the user.php, so that players can add comments about each other. For authorization I'd like to use HTTP cookies, passed from the game.swf to the user.php.
(I don't want use GET or POST here, because GET will have the auth. variables in the URL and players might occasionaly send that URL around or post it in my forum. And POST will ask to re-post the request when you reload).
My problem is that I can't find the way to set HTTP cookies through the navigateToURL() method. Please advise me
Regards,
Alex
You could first authenticate by logging in via a seperate call, for example login.php and that script would start a session. Then all other calls to the same domain would already have the session started and you could check authentication. No need to worry about cookies when PHP can do it for you.
Assuming that you already have the cookie value in your swf you should be able to use the URLRequestHeader together with the URLRequest as follows:
var header:URLRequestHeader = new URLRequestHeader("Cookie", "<the cookie>");
var request:URLRequest = new URLRequest("http://example.com/script.php");
request.requestHeader.push(header);
request.method = URLRequestMethod.POST;
navigateToURL(request, "_blank");
Under certain circumstances, the browser will send the cookie to the server if it has been already set even if you don't explicitly include it in the request. This depends on the browser and the version of the Flash Player. You might also need to adjust your crossdomain.xml file.
Also note that there might be security implications of passing around an unencrypted cookie token. See Firesheep.
I've recently started putting together a Facebook Connect AS3 app and retrieving objects and images through the Graph API.
Running anywhere but locally, I receive security errors of the form:
SecurityError: Error #2122: Security sandbox violation: Loader.content: xxxx cannot access http://photos-a.ak.fbcdn.net/xxxx.jpg
A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
If I add a line of the form:
Security.loadPolicyFile("ht_tp://photos-a.ak.fbcdn.net/crossdomain.xml");
-then I'm fine for that server, but it seems that there are any number of domains with the photos-[letter] format. I've added the one for each in the alphabet - which happily retrieves crossdomain files successfully - but it doesn't seem like a nice solution, and doesn't accommodate any new hosting setups Facebook may will implement in the future.
One thing I'd considered was retrieving the crossdomain policy file on a per image basis, capturing the domain from the image URL before making the image request. Unfortunately, at least via the Graph solution (and I haven't looked too closely at the others), their servers resolve the image url after the request is made, from something more generic like:
ht_tps://graph.facebook.com/[objectId]/picture?type=small&access_token=[accessToken]
Has anyone found a more dependable means of ensuring that images can be retrieved without security sandbox violations? Or do Facebook maintain a definitive list that developers need to keep an eye on?
Thanks!
Load the facebook crossdomains on the initial of your application as below;
Security.allowDomain("*");
Security.allowInsecureDomain("*");
Security.loadPolicyFile("http://graph.facebook.com/crossdomain.xml");
Security.loadPolicyFile("https://graph.facebook.com/crossdomain.xml");
Security.loadPolicyFile("http://profile.ak.fbcdn.net/crossdomain.xml");
Security.loadPolicyFile("https://profile.ak.fbcdn.net/crossdomain.xml");
Security.loadPolicyFile("http://profile.cc.fbcdn.net/crossdomain.xml");
Security.loadPolicyFile("https://profile.cc.fbcdn.net/crossdomain.xml");
Security.loadPolicyFile("http://fbcdn-profile-a.akamaihd.net/crossdomain.xml");
Security.loadPolicyFile("https://fbcdn-profile-a.akamaihd.net/crossdomain.xml");
Security.loadPolicyFile("http://fbcdn-sphotos-a.akamaihd.net/crossdomain.xml");
Security.loadPolicyFile("https://fbcdn-sphotos-a.akamaihd.net/crossdomain.xml");
and then whenever you want to load an image from facebook, set the checkPolicy flag to true using the Loader's LoaderContext as below;
var context:LoaderContext = new LoaderContext();
context.applicationDomain = ApplicationDomain.currentDomain;
context.checkPolicyFile = true;
var loader:Loader = new Loader();
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, onLoadFacebookPhoto);
loader.load(new URLRequest(YOUR_FACEBOOK_PHOTO_URL),context);
private function onLoadFacebookPhoto(e:Event):void
{
addChild(Bitmap(LoaderInfo(e.target).content));
}
Ideally I would guess that you'd want Flash to get the policy file on its own, rather than triggering it with Security.loadPolicyFile. Have you tried simply setting the checkPolicyFile flag for your Loader's LoaderContext?
Alternately, I believe that when you use URLLoader instead of Loader, Flash will request a policy file automatically, so you could try that as well. The tricky thing is that if you use Loader, Flash will let you display what you've loaded even without a crossdomain policy, so it doesn't load one unless you tell it to. When you use URLLoader, the load itself is not allowed unless there's a policy file, so Flash gets it automatically.
I am trying to load an xml file from wikipedia into my flash movie.
loader = new URLLoader();
loader.addEventListener(Event.COMPLETE, tweetLoaded);
loader.load(new URLRequest("http://en.wikipedia.org/w/api.php?action=query&rvprop=content&format=xml&pageids="+subNum));
loader.addEventListener(IOErrorEvent.IO_ERROR, onIOErrorFunction);
This works fine when the flash file is run locally but when I upload to my domain it does not seem to work. I have read elsewhere that the cross domain rule does not apply to XML files only to images and other media. Is this true? If not is there a work around so that I can load in XML files from domains other than the one the swf is hosted on?
thanks
EDIT:
Okay I am really confused, my program queries both Bing API and the media wiki API. The Bing api call works fine, I can retrieve the XML search results back from it fine. But the wikipedia call does not work (online). I have tried listening for the Security_Error on the wikipedia call but it does not fire.
Does anyone have any ideas? Losing it a bit.
Thanks so much for you help. In the end i used http://pipes.yahoo.com
I created a pipe that took in an ID number then spat out a JSON object with the title of the corresponding wikipedia page.
which you can use here http://pipes.yahoo.com/wikibyid
For anyone else doing this you need to make sure you access the pipe from the yahoo api URL
http://pipes.yahooapis.com/
as this domain has the crossdomain.xml file.
A workaround is setting up a proxy with some server side language, so your swf loads data from your domain. This proxy forwards the request to the real host and returns the response to the swf. From the flash side, this works transparently.
You could make your proxy more or less sofisticated, but it could be as simple as (in php):
echo file_get_contents($_GET['target_url']);
This is just to give you an idea, you might want to validate the target_url parameter.
Have your swf call this php script and pass target_url as a parameter. Something like this:
var url:String = "proxy.php";
var paramVal:String = encodeURIComponent("http://en.wikipedia.org/w/api.php?action=query&rvprop=content&format=xml&pageids="+subNum);
url += "?target_url=" + paramVal;
loader.load(new URLRequest(url));
Note that for php this will require allowing fopen for urls (similar permissions might be neccesary for other server side technologies). Also, keep in mind this will affect your server bandwith consumption.
PS
Bing works because they have a crossdomain policy file in place to allow access to swfs from other domains.
http://api.bing.net/crossdomain.xml
Wikipedia doesn't have a crossdomain policy file that grants you access from other domains, so you cannot connect directly from your swf.