0

Slightly tricky problem to explain but here goes...

1) swf file on domain1, reads xml file on domain1 to display data 2) also contains link to open a ShadowBox popup of another html file also hosted on domain1 3) This swf file is also embedded in an iFrame on domain2 4) domain2 has ShadowBox installed in the HTML too

The issue is basically down to crosssite scripting:

The swf embedded on domain2 fires domain2 ShadowBox to open this popup, but the javascript call in the Flash is from domain1 which causes crossdomain permissions problems.

Can anyone think of a way around this? JSONP seems one option, but I'm not entirely comfortable using this. Does JQuery come with any way of approaching this? Can't find anything so far...

MrFidge
  • 2,107
  • 11
  • 40
  • 63

1 Answers1

1

I'm trying to understand your issue, so I'll explain things as I see them - tell me if I'm wrong. On domain1, you've got a swf that's invoking an external interface call in javascript which causes an action to happen on a script loaded in an iframe, on domain2?

If that's the case, you may be able to get around the same origin policy issue by making the call from swf, and cutting externalInterface out of the equation. Flash will let you get away with making an HTTP call to another domain if the crossdomain.xml file on the target domain (domain2 in this case) allows it (see this thread: Can someone post a well formed crossdomain.xml sample?)

If I'm way off base, let me know.

Community
  • 1
  • 1
Justin Beckwith
  • 7,686
  • 1
  • 33
  • 55
  • No you're pretty much spot on! The root issue now is that (for various reasons) we can't upload crossdomain.xml to the root of the domain. So unless you can think of something else I think our whole approach is scuppered :x – MrFidge Mar 07 '11 at 12:28