I’m struggling to get my Flash web app to communicate with the Google Drive API. I need to fetch a public binary file but I’m running into cross-domain security problems.
JavaScript works fine using CORS for cross-site requests. But in ActionScript 3, it tries to get a crossdomain.xml file from docs.google.com. The current setup doesn’t allow Flash to access this file.
Right now, I’m using JavaScript to get the data and then sending it to the SWF with ExternalInterface. But I’m wondering if there’s a better way to do this. I can’t use a proxy server.
Does anyone know a good workaround? Or maybe someone from the Google Drive API team can chime in? It would be great if they could update the crossdomain.xml file to allow authorization headers from any domain. This would give Flash the same access as JavaScript.
Here’s what the ideal crossdomain.xml might look like:
As someone who’s been working with Flash for years, I can tell you that cross-domain issues are a real pain. Have you considered using a data URI scheme? It’s a bit of a hack, but it might work for your situation. Essentially, you’d encode the binary data as a base64 string in JavaScript, then pass that to Flash using ExternalInterface. Flash can then decode it back into binary.
Here’s a rough idea of how it might look:
JS fetches the file and converts to base64
Pass the base64 string to Flash
In AS3, decode the base64 back to binary
It’s not perfect, but it could be a workable solution without needing server-side changes or proxies. Just be aware of potential performance issues with large files.
Alternatively, if you’re open to it, you might want to start looking at HTML5 alternatives. The writing’s on the wall for Flash, unfortunately.
have u tried using a custom URLStream class? it can sometimes bypass cross-domain restrictions. also, check if ur security sandbox is set to ‘remote’ in flash. if all else fails, maybe look into using adobe air instead of flash for better api access. good luck!
I’ve faced similar issues with Flash and APIs before. While your current JavaScript workaround is functional, it’s not ideal for performance. Have you considered using a signed request approach? This method involves generating a signature on your server-side and passing it to your Flash app. The app can then use this signature to make authenticated requests directly to the Google Drive API, bypassing the need for a crossdomain.xml file.
Another option might be to implement a lightweight server-side proxy specifically for handling these API requests. This could be more efficient than relying on JavaScript as an intermediary.
Ultimately, Flash’s declining support makes long-term solutions challenging. If possible, consider gradually migrating critical functionality to more modern web technologies that have better API integration capabilities.