Flash 9 Actionscript 3.0 and Security #2137. Or Why Flash Hyperlinks Don’t Work.
First off, I apologize for such an SEO-friendly title to this post, but I want to make sure that no one else suffers through the searching I recently went through.
I recently worked on a site where I was using Flash 9 with AS 3.0 to build the primary menu for a Web site. The code was some simple drop back and pass (sorry, playing too much Madden these days):
private function onClick(event:Event):void {
   //_urlArray is a list of page links
   var request:URLRequest = new URLRequest(_urlArray[urlID]);
navigateToURL(request, "_self");
}
So, the site launches, and soon after, I’m getting calls from the client that the navigation links don’t do anything. It works fine in my tests, so I contact some friends to try the site. No problems. So, to see this firsthand, I go to my client’s office to test the issue, only to discover that we can’t adequately replicate the issue. I check my .htaccess, the site’s PHP framework, and conclude that it’s a DNS issue (since the site recently tranferred hosts).
The problem still occurs a day later.
So, I stop back in, and quickly discover that the Flash works fine from http://www.site.com but fails silently when the user is on http://site.com. Thanks to my trusty Flash Debugger Player, I find out it’s error 2137.
After exhaustively learning about the new Flash Player 9 security, I learn that the only thing I have to do is place the following in the <object> and <embed>:
<param name="allowScriptAccess" value="always" />
<EMBED src="file.swf" AllowScriptAccess=""></EMBED>
Alternatively, if you use SWFObject like me, you would use the following:
so.addParam("AllowScriptAccess", "always");
So what was the problem? Well Adobe integrated a new feature into ActionScript 3.0 security where setting the window type of “_self” in navigateToURL() is only allowed from the same domain. In my case, www.site.com and site.com aren’t the same domain (btw, IP != domain, either). In order for a Website to declare trust to an SWF, it has to provide it in in the HTML.
Anyhow, I hope this saves someone the time I took scrambling through Adobe Flash security docs. 
The Future That Never Was
Who knew the future and technology of the past would be so bright? I just came across Paleo Future, a blog dedicated to the future that never was. Highlights include some amusing AT&T promotional videos and some Apple technologies that clearly never took off. Remember AT&T’s 1993 “You Will” ads? Who knew AT&T was so good at predictions, even if they weren’t the sole provider of such technologies?
In general, I guess people just never stopped to think, “hey, this video conferencing gets really awkward since you have to maintain eye contact to remain polite!”.
Adobe on AIR in NYC
I just got back from Adobe’s On AIR tour seminar in New York City. Overall, I think AIR is a really exciting project as it empowers Flash, Flex, and AJAX developers to easily create and deploy desktop applications. I think Adobe has gone in the right direction by providing the SDK for free (take that, Silverlight!). The ActionScript-built Web browser demo was impressive, and Adobe should seriously consider having new hire Lee Brimelow do all of evangelistic Keynote presentations.
All that said, I have to ask, how many applications does the average user currently use that require an Internet connection? I guess what my point is is that while I’m interested in seeing what the development community comes up with, I really can’t see AIR replacing most Web-based services or revolutionizing an industry. What I can see is easier deployment of, say, sales applications for both offline and online purposes, and what I hope to not see are uninspired renditions of the typical “VIRAL-Social-Networking” media player running on the desktop. I’m sure to be delightfully surprised with what everyone comes up with, but I figured I’d just throw a grain of salt along with the excitement of the show.
I should also mention that they tantalized the crowd with talks of an Adobe standalone Video Player (finally!) and AIR mobile (I tried to get more information out of Mike Chambers, but no dice).
Go Animation Package for AS3
Well, my friend Moses has announced Go for ActionScript 3.0. No, it’s not Fuse 3–actually, I think it leapfrogs the standard ActionScript animation library idea, and I hope it’s successful at getting people to work together on coding concepts, rather than release their own flavors of tween engines and hope for industry stardom.
I’ve been privileged to beta test Go, and the benchmarks alone are pretty impressive. I won’t let any cats out of the bag, but will say that it’s challenged me to wonder if subclassing is more ideal than using a decorator pattern. Personally, I lean towards subclassing since it requires some preplanning. Furthermore, decorators provide runtime changes, functionality that for some reason I wouldn’t feel comfortable with unless absolutely necessary. What do you think, though?
1001 NYC
Boy, busy month–seemingly too busy to even post some of the projects I’ve been working on. Well, here’s the site I recently completed for Page 73 Productions‘s 1001 NYC. Its playwright Jason Grote‘s modern take on A Thousand and One Arabian Nights and I’m hoping to see it in October.
It’s a fairly simple site, but I learned that when you think you’re looking for a WordPress theme switcher you’re really looking for a way to utilize WordPress templates…
Colin Moock’s AS3 From the Ground Up Tour
Free training from Colin Moock? Okay, I’ll take it!
Moock will be giving an all-day training seminar on ActionScript 3.0 in NYC on November 12.
You can register while spots are still available at: http://www.adobeas3tour.com/
The Death of Mobile CSS (Oh, and I got an iPhone)
Well, I suppose this makes me a bit of a hypocrite given all of the criticism I had for it, but at least I saved $200… Yes, i got an iPhone and am posting with it now. After my first day it’s left me wondering how I survived without it, and the decision to purchase it made me accept the fact that it’ll still be some time before RFID, semacodes, .mobi sites and 3G become commonplace (Okay, I doubt .mobi will ever take off).
Using one firsthand has also reinforced my firm belief that mobile css will never reach full fruition. let’s face it, what client will want to pay for a Web site to be built twice, especially when one version severely compromises the user experience? Furthermore, what user wants a limited version of a Web site? Alas, mobile CSS will probably prove to become even more anonymous than its sibling, print CSS…
You know you’re a design nerd when…
You want to see the documentary movie Helvetica. Who knew it was the font’s 50th birthday?
Sigh, sadly, I’m too busy with work.
Harrisburg Gallery Walk
Since I’m already attending a wedding in Central PA this weekend I figured I’d play lone tourist to Harrisburg and hit the streets of Midtown for the Gallery Walk on Sunday. I’m constantly amazed at how weak the turnout is amongst my friends for this really cool event … Then again, this never had to compete with the Steelers season opener, so maybe I won’t go …
Is anyone else taking the walk?
NY Tech Meetup
My friend Moses got me to come along and attend my first NY Tech Meetup on Tuesday night. I was about to list all of the presentations I saw, but I’ll let Silcon Alley Insider do it for me (Coincidentally, there’s a picture of me sporting some serious red-eye there, too).
Some general thoughts:
- DesignMyRoom.com seemed to breath some life into the stale, “hey, I had that idea!” Web 1.0 concept with a very sharp-looking Flash front-end. Kudos to my hometown’s andCulture on building the site–and recognizing there’s a bigger market than just Central PA. Now if you could just do something with your own cooler-than-thou Web site …
- Meetup CEO Scott Heiferman succeeded to annoy me–”Okay every presenter gets 5 minutes–Oh, except for you, Mr. former-CEO-of-DoubleClick-turned-startup-celebrity Kevin Ryan. We’ll dedicate as long as I deem it necessary for you!”
- I really liked what BookSwim’s presenters were suggesting, but I guess I was alone, as no demo = booing offstage. I suggested a similar model to a Brooklyn librarian trying to find ways to re-connect the library system with the public … there’s gotta be promise somewhere with this idea (Oh, and hey, guys, don’t let NetFlix’s lawyers find your site).
- I’m in like with you stole the show in my opinion, from the “Business model? Huh? This is for fun!” approach in their presentation to their uber-impressive Flash frontend/Rails backend UI.
- No Mobile apps. A little surprising to me.
Overall, the well-packed room was a bit stuffier than the typical NYC gatherings I attend, but it’s nice to see there’s that startup energy around here …
About Me
I'm a designer, developer, and teacher based in Harrisburg, Pa. I run Hauck Interactive, Inc.
Categories
Archives
- January 2012
- December 2011
- October 2011
- August 2011
- July 2011
- June 2011
- May 2011
- March 2011
- February 2011
- December 2010
- November 2010
- October 2010
- September 2010
- August 2010
- July 2010
- June 2010
- May 2010
- April 2010
- March 2010
- February 2010
- January 2010
- December 2009
- November 2009
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
- June 2007
- May 2007
- April 2007
- March 2007
- February 2007
- January 2007
- December 2006
- November 2006
- October 2006
- September 2006
- August 2006
- July 2006
- June 2006
- May 2006
- April 2006
- March 2006
- February 2006
- January 2006
- December 2005
- November 2005
- October 2005
- September 2005