Monday, March 6th, 2006

Cross-domain AJAX using Flash

Category: Flash, Programming

Julien Couvreur has written up a new post on his blog that talks about a method for getting Ajax scripts to talk back and forth between two domains – with a little help from Flash.

TiwyFeeds, a recent AJAX project of mine, uses a Flash object for storing data on the client and also to make cross-domain requests to the Bloglines API. As I explained in that post, the Flash API that it uses set some pretty heavy constraints: only XML could be sent and received.

After Jason Levitt started experimenting with this component, he quickly ran against its limitations. Mainly, he needed to exchange arbitrarily formatted text, such as a POST sending form encoded parameters in the body and receiving JSON encoded data.

So I researched the issue a bit more and found a newsgroup post (in French) on hacking Flash to allow raw text in the HTTP request and response body.

With the hack in place, any kind of raw data can be passed back and forth across domains through the Flash object. He explains how it was done (sendAndLoad details) and offers some general pointers on working with Flash and coding in ActionScript.

Posted by Chris Cornutt at 1:45 pm
2 Comments



I’m impressed to see that this is possible but it’s a pretty dangerous functionality. Cross domain scripting enables any web-browser visiting a hostile site to act as a zombie computer for a brute force password attack on a remote resource.

Comment by Peter Nixey — March 8, 2006

I’m impressed to see that this is possible but it’s a pretty dangerous functionality. Cross domain scripting enables any web-browser visiting a hostile site to act as a zombie computer for a brute force password attack on a remote resource.

Flash’s cross-domain requests require a cross domain policy file. See http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_14213 for more info.

-James

Comment by James Ward — March 10, 2006
