flex-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Alex Harui <aha...@adobe.com>
Subject Re: [AIR - loadForCompatibility]
Date Thu, 25 Sep 2014 16:25:56 GMT
Makes sense.   Thanks for sharing.

Was the remote SWF able to make "secure" calls to the server?  I was told
that in some web-apps, the servers check the headers to see if the request
came from a client served from the same domain and that whatever header
that is will not be "yourDomain" when the SWF is loaded in this way.

-Alex

On 9/25/14 8:34 AM, "Frédéric THOMAS" <webdoublefx@hotmail.com> wrote:

>So, the trick to have an adobe AIR trusted remote multi-versioned
>application is as shown in this sample code:
><?xml version="1.0" encoding="utf-8"?><s:WindowedApplication
>xmlns:fx="http://ns.adobe.com/mxml/2009"					
>xmlns:s="library://ns.adobe.com/flex/spark"					
>preinitialize="preinitializeHandler(event)" showStatusBar="false">
>	<fx:Script>		<![CDATA[			import mx.events.FlexEvent;
>			// Get the raw swf			private function launchChildApp():void
>{				trace("applicationDirectory: " +
>File.applicationDirectory.nativePath);				trace("applicationStorageDirecto
>ry: " + File.applicationStorageDirectory.nativePath);
>				const urlRequest:URLRequest = new
>URLRequest("http://yourDomain/yourApplication/youRemoteTrustedMultiVerione
>dAirWindowedApplication.swf");				const urlLoader:URLLoader = new
>URLLoader();				urlLoader.dataFormat =
>URLLoaderDataFormat.BINARY;				urlLoader.addEventListener(Event.COMPLETE,
>urlLoader_completeHandler);				urlLoader.load(urlRequest);			}
>			private function preinitializeHandler(event:FlexEvent):void {
>      maximize();				launchChildApp();			}
>			private function urlLoader_completeHandler(event:Event):void {
>				const urlLoader:URLLoader = event.currentTarget as URLLoader;
>				// In isolation because the loaded code may be compile with another
>flex version.				const applicationDomain:ApplicationDomain = new
>ApplicationDomain(null);
>				const lc:LoaderContext = new LoaderContext(false,
>applicationDomain);				lc.allowCodeImport = true;
>				swfLoader.loaderContext = lc;				swfLoader.load(urlLoader.data as
>ByteArray);			}		]]>	</fx:Script>
>	<s:SWFLoader id="swfLoader" autoLoad="false" trustContent="true"
>loadForCompatibility="true"				 showBusyCursor="true"
>scaleContent="false"/>
></s:WindowedApplication>
>
>Frédéric THOMAS
>
>> From: webdoublefx@hotmail.com
>> To: users@flex.apache.org
>> Subject: RE: [AIR - loadForCompatibility]
>> Date: Wed, 24 Sep 2014 13:29:15 +0100
>> 
>> 
>> 
>> 
>> My bad, I had to add the listener to LoaderInfo instead of Loader, use
>>a child applicationDomain instead of a sibling one and instanciate from
>>the applicationDomain definitions my App before using it.
>> 
>> Still exploring...
>> 
>> Frédéric THOMAS
>> 
>> > From: webdoublefx@hotmail.com
>> > To: users@flex.apache.org
>> > Subject: RE: [AIR - loadForCompatibility]
>> > Date: Wed, 24 Sep 2014 11:37:46 +0100
>> > 
>> > Hi Alex,
>> > So, I gave a try but I'm facing something weird, comment in code:
>> > The Loader:<?xml version="1.0" encoding="utf-8"?>
>> > <s:WindowedApplication xmlns:fx="http://ns.adobe.com/mxml/2009"
>>xmlns:s="library://ns.adobe.com/flex/spark">
>> > 
>> >    <s:layout>
>> >       <s:VerticalLayout/>
>> >    </s:layout>
>> > 
>> >    <fx:Script>
>> >       <![CDATA[
>> >         import mx.core.IVisualElement;
>> > 
>> >         // Get the raw swf
>> >         private function launchChildApp():void {
>> >             const urlRequest:URLRequest = new
>>URLRequest("http://localhost:8080/mobilityworkspace/App.swf");
>> >             const urlLoader:URLLoader = new URLLoader();
>> >             urlLoader.dataFormat = URLLoaderDataFormat.BINARY;
>> >             urlLoader.addEventListener(Event.COMPLETE,
>>urlLoader_completeHandler);
>> >             urlLoader.load(urlRequest);
>> >         }
>> > 
>> >         // load the raw swf into the same security context and
>>sibling application domain
>> >         private function urlLoader_completeHandler(event:Event):void {
>> >             const urlLoader:URLLoader = event.currentTarget as
>>URLLoader;
>> > 
>> >             // In isolation because the loaded code may be compile
>>with another flex version.
>> >             const applicationDomain:ApplicationDomain = new
>>ApplicationDomain(null);
>> > 
>> >             const lc:LoaderContext = new LoaderContext(false,
>>applicationDomain);
>> >             lc.allowCodeImport = true;
>> > 
>> >             // Throws [Fault] exception, information=Error:
>>addChild() is not available in this class.
>> >             // Instead, use addElement() or modify the skin, if you
>>have one.
>> >             //lc.requestedContentParent = panel;
>> > 
>> >             const ldr:Loader = new Loader();
>> > 
>> >             // So wait for the COMPLETE Event to affect it to the
>>panel but
>> >             // the Event is never fired (and even no other events,
>>errors).
>> >             ldr.addEventListener(Event.COMPLETE, ldr_completeHandler);
>> >             ldr.loadBytes(urlLoader.data as ByteArray, lc);
>> >         }
>> > 
>> >         // Never goes here.
>> >         private function ldr_completeHandler(event:Event):void {
>> >             const ldr:Loader = event.currentTarget as Loader;
>> >             panel.addElement(ldr.content as IVisualElement);
>> >         }
>> >         ]]>
>> >    </fx:Script>
>> > 
>> > 
>> >    <s:Button label="Launch child application"
>>click="launchChildApp()"/>
>> > 
>> >    <s:Panel id="panel" width="100%" height="100%"/>
>> > 
>> > </s:WindowedApplication>
>> > 
>> > The App:<?xml version="1.0"?>
>> > <s:Group xmlns:fx="http://ns.adobe.com/mxml/2009"
>> >                   xmlns:s="library://ns.adobe.com/flex/spark">
>> >    <fx:Script>
>> >       <![CDATA[
>> >         import mx.controls.Alert;
>> >         ]]>
>> >    </fx:Script>
>> >    <s:Button click="Alert.show('Hello, world')" label="Say Hello"/>
>> > </s:Group>
>> > 
>> > Do you know why I can't reach ldr_completeHandler ?Frédéric THOMAS
>> > 
>> > > From: webdoublefx@hotmail.com
>> > > To: users@flex.apache.org
>> > > Subject: RE: [AIR - loadForCompatibility]
>> > > Date: Tue, 23 Sep 2014 22:20:35 +0100
>> > > 
>> > > Alight, thank you Alex
>> > > 
>> > > Frédéric THOMAS
>> > > 
>> > > > From: aharui@adobe.com
>> > > > To: users@flex.apache.org
>> > > > Subject: Re: [AIR - loadForCompatibility]
>> > > > Date: Tue, 23 Sep 2014 21:03:39 +0000
>> > > > 
>> > > > 
>> > > > 
>> > > > On 9/23/14 1:56 PM, "Frédéric THOMAS" <webdoublefx@hotmail.com>
>>wrote:
>> > > > 
>> > > > >> Essentially, this trick makes remote content local.  It can
>>make remote
>> > > > >> calls, but the headers will be the same as if you coded
>>URLLoader in the
>> > > > >> main AIR app not as if it was a web-app served by the domain's
>>server.
>> > > > >
>> > > > >If it means the loaded swf is perceived as or is in the local
>>application
>> > > > >sandbox / security context, I guess it can do the trick moving
>>the rest
>> > > > >of the code in a module downloaded by the loaded swf, thought
?
>> > > > AIUI, you can keep "importing" swfs into the application sandbox,
>>but the
>> > > > servers that they came from will not see the same headers as if
>>it was a
>> > > > web app from that server and will respond differently, often by
>>returning
>> > > > failure.
>> > > > 
>> > > > If you download remote.swf and load bytes it, and it just uses
>>Loader to
>> > > > run anotherremote.swf, anotherremote.swf is loaded into a sandbox
>>and
>> > > > cannot access the remote.swf.  Remote.swf would also have to use
>>the load
>> > > > bytes trick in order for anotherremote.swf to talk directly to
>>each other.
>> > > > 
>> > > > -Alex
>> > > > 
>> > >  		 	   		  
>> >  		 	   		  
>> 
>>  		 	   		  
> 		 	   		  


Mime
View raw message