Wednesday, October 27, 2004

Working around the crossdomain.xml security settings in Flash MX 2004

So, my company asked me to build a small weather pod. Something very simple that would sit on our Intranet. Easy enough I thought, check around for a web service, let Flash MX 2004 Professional consume the little sucka and move on to the next big project.

Not so quick -

First, I had a heck of a time finding a free weather web service. Most - like Accuweather are charging for it. That's just sad. They should at least have a bare-bones feed that just gives the temp for free.

I finally stumbled across this service at the National Weather Service.

http://weather.gov/data/current_obs/KARB.xml

This is the XML feed for the Ann Arbor Municipal Airport (there are others there, sorted by state, and there are RSS feeds as well!) Grab those here -

http://weather.gov/data/current_obs/

The government service is free and currently experimental - but hey - it's accurate and updated every hour... for free. Tell me a free third party extension that you don't "use at your own risk"

So, now I figured - this is sweet. I just need to use the XML Connector and grab the data from this feed and bam - done, right? Nope. It worked fine locally - while testing, but once I published it and tried to view it in a web page, I ran across the new Flash Player security issues.

The new security basically states that you have to have a "crossdomain.xml" file on the server that serves the web service which will control access. Well... seeing as I don't contol the National Weather Service's servers - this wasn't going to work for me.

Then it hit me... hey - how about if I use a ColdFusion page to grab the data and then store it to a file? Yeah, that would work! And it did. Here's a sample of the code I used.

cfset url_address="http://weather.gov/data/current_obs/KARB.xml"
cfhttp throwonerror="yes" resolveurl="yes" method="GET" url="#url_address#"

cfoutput

cfset filen=" getDirectoryFromPath(getCurrentTemplatePath())"
cffile output="#cfhttp.FileContent#" file="#fileN#" action="write"

/cfoutput

Then it hit me, well this works and saves the XML from the web service to a file - ready for consumption - but what can I use to trigger this to happen in intervals or every time I view the page?

The answer: Flash Remoting and CFC's.

I created a CFC with the above code and just invoked it from Flash before I loaded the XML doc, this ensured that I was working with the latest and greatest data from the weather service!

By using this process I was able to overcome the cross domain security issue and still deliver the weather to our employees. Don't even ask me how I overcame the fact that we have ColdFusion MX on the development server and 4.5 on the Production! That's a whole other headache.

If you'd like the source for the work I did here - drop me an email.

1 comment:

Jason Nadon said...

I need to eat a bit of crow. I posted that just before I got the pod working. Once I had it working I noticed that when moving servers, I needed to change the virtual directory and seperate the SWF and the CFC. This caused the same security headaches. The workaround though came pretty easy, since I "DO" have control over the server where the CFC was sitting. Adding a crossdomain.xml file solved the issue. It's interesting that if Flash invokes a CFC, it still uses the Flash Player security settings and didn't like having to look in the other virtual directory for the file. All in all - I got it working... and I'm learning more stuff along the way!