SlideshowPro/Flash - Crossdomain.xml

stevesuk

I would like to access my smugmug images from a SlideshowPro flash application hosted on my own web site.

... but, to access images in flash, from a different domain that the flash 'swf' resides, there has to be a file called 'crossdomain.xml' in the root of the 'image' server/domain (in this case it would be smugmug).

Is there such a file here and if not could one be created?

Flickr allows this and the file looks like this:-

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="*" secure="true" />

</cross-domain-policy>

Regards,
Steve.

jh4wvu

stevesuk wrote:

I would like to access my smugmug images from a SlideshowPro flash application hosted on my own web site.

... but, to access images in flash, from a different domain that the flash 'swf' resides, there has to be a file called 'crossdomain.xml' in the root of the 'image' server/domain (in this case it would be smugmug).

Is there such a file here and if not could one be created?

Flickr allows this and the file looks like this:-

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy (View Source for full doctype...)>
- <cross-domain-policy>
<allow-access-from domain="*" secure="true" />

</cross-domain-policy>

Regards,
Steve.

I would like to use this feature as well on one of my websites....please advise.

Thanks,
Chris

ivar

jh4wvu wrote:

I would like to use this feature as well on one of my websites....please advise.

Thanks,
Chris

Hi Guys,

We are looking into it, but for now, we don't support this due to security issues, sorry.

Andy

ivar wrote:

Hi Guys,

We are looking into it, but for now, we don't support this due to security issues, sorry.

And, here's one reason why:

http://shiflett.org/archive/263

cmcbrian

crossdomain.xml and Flickr
Hi there,

I'm totally itching to get my nifty Flash based application working with SmugMug. From reading the exploit article that was mentioned in this thread, it looks like Flickr (Cal Henderson) got around the issue by moving the APIs to another domain (api.flickr.com).

So where are you guys (the fine engineers at SmugMug) at in evaluating the security issues of crossdomain.xml?

-Charles

gi7kmc

Workaround
I am thinking about getting a SmugMug account but I would like to use Slideshow pro on my own site to display my photos. The good news is I might have a work around but it does require a bit of programming.

What I plan to try is this:
Set up the links to images in the xml config file for slideshowpro to point to a script on my webserver with the real url as a parameter to the script e.g. http://www.mywebsite.com/getSmugMugPhoto.php?url=http://www.smugmug.com/photos/XXXXX-L.jpg

The script on my site then gets the image from SmugMug (with a bit of logic thrown in to handle caching so if the client already got the image we return a 304 code) and passes it back the client webrowser/flash app

(I am planning to use PHP and Curl but any good web scripting language would do)
If it does work then the next step will be to make use of the SmugMug API and autogenerate the XML config file for SlideShowPro

I'll let you know how I get on.

Jonathan

devbobo

I have a release pending of SmugSSP, that allows for integration between SmugMug and SlideShowPro.

More details soon

ivar

devbobo wrote:

I have a release pending of SmugSSP, that allows for integration between SmugMug and SlideShowPro.

More details soon

clapclap

bowbow you keep coming out with more and more stuff, don't you?

devbobo

SmugSSP is released