开发者

Google Oauth crossdomain.xml problem with Flex

开发者 https://www.devze.com 2023-02-20 05:02 出处:网络
I am trying to get the RequestToken with flex from https://www.google.com/accounts/OAuthGetRequestToken.It works fine in the Flash Builder, but not in the localhost.I think it is the crossdomain.xml p

I am trying to get the RequestToken with flex from https://www.google.com/accounts/OAuthGetRequestToken. It works fine in the Flash Builder, but not in the localhost. I think it is the crossdomain.xml problem, so I try to find the crossdomain file in https://www开发者_如何学Go.google.com/accounts/crossdomain.xml and https://www.google.com/crossdomain.xml. However, I cannot find it.

My question is where I can find crossdomain.xml for OAuthGetRequestToken.

Please advice. Thanks.

Update:

var loader:URLLoader = new URLLoader();
var request:OAuthRequest = new OAuthRequest("GET", requestTokenUrl, oauthParams, consumer, null);
var urlrequest:URLRequest = new URLRequest(request.buildRequest(signatureMethod));
loader.addEventListener(Event.COMPLETE, requestTokenHandler);
loader.load( urlrequest );


the problem is probably that you need to specifically allow the folder on your computer that contains your swf access to the outside internet. Go the the flash settings manager for global security settings here:

http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html#117502

and add the folder on your HD with the swf in it to the list of "Always trust files in these locations." For convenience you can add your whole HD but you might be opening yourself up to some security risks.


Does google say they have a crossdomain for that service? My guess is they do not. If that's the case, you will never be able to access the service directly from the SWF. Since flash is executed on the client machine, the crossdomain policy is needed to prevent unauthorized network code from executing behind a firewall.

The standard practice is to set up your own server with the appropriate crossdomain policy, and use it to proxy calls to any external services. This is a good idea regardless, simply from a scalability standpoint.


Finally, I use the AuthSub for the Authorization with Flex. I have mention this in the following issue request: http://code.google.com/p/gdata-issues/issues/detail?id=1855#makechanges

If anyone is interested in seeing this happen, please star the above feature request.

0

精彩评论

暂无评论...
验证码 换一张
取 消