flex-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From OmPrakash Muppirala <bigosma...@gmail.com>
Subject Re: More dog food
Date Mon, 21 Sep 2015 20:44:27 GMT
> >On Mon, Sep 21, 2015 at 9:12 AM, Alex Harui <aharui@adobe.com> wrote:
> >
> >>Did you try running from http:// and not just file://?  I’m curious as
> to
> >> how it works around browser cross-domain security.
> >>
> >
> >We control the SuperProxy app on
> >https://apache-flex-dashboard.appspot.com,
> >so I went ahead and added a cross domain xml on the server.
> >https://apache-flex-dashboard.appspot.com/crossdomain.xml
> >
> >It works fine when I run it from http://locahost and an internal remote
> >server.  I can try putting it up in a secret page on flex.apache.org if
> we
> >want test it for real.
> >
> >Once I get the javascript version building, I will see if it works by
> >default.  If not, I believe I can set the Access-Control-Allow-Origin
> >header to * for the server responses which would take care of CORS in the
> >JS version.
> If you can control the crossdomain.xml and HTTP Headers we’ll probably be
> ok, but I wouldn’t use *, just a small whitelist, or maybe *.a.o.

The GA SuperProxy app is built for anyone and everyone to access the data.
So, I wouldn't worry about giving access to "*".  At least until we figure
out a place for the dashboard when it goes live.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message