Wednesday, October 27, 2004

Working around the crossdomain.xml security settings in Flash MX 2004

So, my company asked me to build a small weather pod. Something very simple that would sit on our Intranet. Easy enough I thought, check around for a web service, let Flash MX 2004 Professional consume the little sucka and move on to the next big project.

Not so quick -

First, I had a heck of a time finding a free weather web service. Most - like Accuweather are charging for it. That's just sad. They should at least have a bare-bones feed that just gives the temp for free.

I finally stumbled across this service at the National Weather Service.

This is the XML feed for the Ann Arbor Municipal Airport (there are others there, sorted by state, and there are RSS feeds as well!) Grab those here -

The government service is free and currently experimental - but hey - it's accurate and updated every hour... for free. Tell me a free third party extension that you don't "use at your own risk"

So, now I figured - this is sweet. I just need to use the XML Connector and grab the data from this feed and bam - done, right? Nope. It worked fine locally - while testing, but once I published it and tried to view it in a web page, I ran across the new Flash Player security issues.

The new security basically states that you have to have a "crossdomain.xml" file on the server that serves the web service which will control access. Well... seeing as I don't contol the National Weather Service's servers - this wasn't going to work for me.

Then it hit me... hey - how about if I use a ColdFusion page to grab the data and then store it to a file? Yeah, that would work! And it did. Here's a sample of the code I used.

cfset url_address=""
cfhttp throwonerror="yes" resolveurl="yes" method="GET" url="#url_address#"


cfset filen=" getDirectoryFromPath(getCurrentTemplatePath())"
cffile output="#cfhttp.FileContent#" file="#fileN#" action="write"


Then it hit me, well this works and saves the XML from the web service to a file - ready for consumption - but what can I use to trigger this to happen in intervals or every time I view the page?

The answer: Flash Remoting and CFC's.

I created a CFC with the above code and just invoked it from Flash before I loaded the XML doc, this ensured that I was working with the latest and greatest data from the weather service!

By using this process I was able to overcome the cross domain security issue and still deliver the weather to our employees. Don't even ask me how I overcame the fact that we have ColdFusion MX on the development server and 4.5 on the Production! That's a whole other headache.

If you'd like the source for the work I did here - drop me an email.

1 comment:

Jason Nadon said...

I need to eat a bit of crow. I posted that just before I got the pod working. Once I had it working I noticed that when moving servers, I needed to change the virtual directory and seperate the SWF and the CFC. This caused the same security headaches. The workaround though came pretty easy, since I "DO" have control over the server where the CFC was sitting. Adding a crossdomain.xml file solved the issue. It's interesting that if Flash invokes a CFC, it still uses the Flash Player security settings and didn't like having to look in the other virtual directory for the file. All in all - I got it working... and I'm learning more stuff along the way!