In this blog I comment on one of the hurdles I faced while executing flex-flash based apps on the net. By a thumb rule flash apps cannot directly access outside urls. I was in this case trying to consume some feed urls for my site and had a hard time understanding the problem initially since I was relatively new to flex.
I had come across the Flash cross-domain security problem & hence my flex apps were not able to connect to outside urls. This is one of the security features on the internet to disallow direct flash access to resources.
There are two ways to avoid this:
1. To allow access to the flash app by giving permission in the crossdomain.xml of the site being accessed.
2. Indirectly access the resources via a php/asp script.
The first option is not feasible since none of the site will expose holes in their security by allowing access to flash apps.
Here, I write about the second feasible option whereby we access the resource (rss feed / web service) via a php/asp script. This PHP script takes a "url" parameter, which is the XML file (or XML-RPC service) you are trying to reach. If you're trying to load http://rss.google.com/rss/topstories.rss, the new url you would access would be something like:
http://www.my_website.com/xml_proxy.php?url=http://rss.google.com/rss/topstories.rss.
Here the name of the php file having the script is xml_proxy.php.
Here is the content of the php file:
$post_data = $HTTP_RAW_POST_DATA;
$header[] = "Content-type: text/xml";
$header[] = "Content-length: ".strlen($post_data);
$ch = curl_init( $_GET['url'] );
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
if ( strlen($post_data)>0 ){
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
}
$response = curl_exec($ch);
if (curl_errno($ch)) {
print curl_error($ch);
} else {
curl_close($ch);
print $response;
}
?>
This is a simple script taking the url as the input parameter, hits the remote server, gets the response & prints it out to be consumed by our flex app.
By the way, do remember that your hosting web server should support php executions. Even I got this script from one of the sites on the net. Cheers !
No comments:
Post a Comment