Archive for May, 2010

Shockwave Update = Firefox on OSX

An updated version of Shockwave was released earlier today, and for the first time since August 2008 I can once again use Firefox to view Shockwave content. I’m really glad to see this longstanding issue fixed. It definitely shows that more than just security updates are occurring on the development side of things. The next thing I can’t wait to see is Shockwave running in 64-bit on OSX :)

Here are the details from Allen at Adobe.


Modifications to Shockwave in update 11.5.7.609 are as listed below:

Product Area Bug Description
Keyboard Events Keyboard events are not getting registered properly on IE8 Vista and Win7 reported by various portals
Shockwave During Shockwave installation on Windows 64 bit machines the IE security dialog appears for multiple times.
Cross domain Crossdomain Policy changes to support media based crossdomain checks for Flash cast members.
Mac Various redraw issues in Safari & Firefox while playing the Shockwave content.
Upgrade Smooth Upgrade Process takes care of deleting the old Adobe/Macromedia Downloaded Xtras.

Several Security Updates as listed here;

http://www.adobe.com/support/security/bulletins/apsb10-12.html

This release is considered a critical security update, as detailed on the linked security bulletin.

Details of the modified (additional) Cross Domain Policy changes follow;

Cross Domain Policy changes

Earlier to Director 11.5, there was no Cross-domain checking based on the policy file and thus when we play any shockwave content which was accessing data from a server outside the domain, it used to throw-up security dialogs. In Director 11.5, we introduced the cross-domain checking based on policy files, placed on the servers. This meant that even the URLs accessed by the SWFs were being checked by the Shockwave player against the policy file. But flash player as such does cross-domain checking through policy files or through other security mechanisms (security.allowDomain). The checks which were done through the latter mechanism inside Flash player are not supported in Shockwave and because of this, the content which were accessed by this mechanism failed inside Shockwave.

For example, we have a youTube video player asset, which is a SWF file and this can be used play different youtube videos by specifying the video ID. This has been implemented in Flash using the “security.allowDomain” mechanism for accessing the content from the YouTube server. This SWF can be hosted on any server (not only YouTube) and the videos can be streamed in.

This movie when embedded inside the Shockwave player fails since the player checks only the policy file on the YouTube server. And this policy File on YouTube server does not list any of domains.

In order to address this issue, we have introduced a flash cast member property cdpCheckMode which can be set to either #useMediaPolicy (to use the flash player’s cross domain checks) or #useSWPolicy (to use Shockwave’s cross domain checks).

When we set the property to #useSWPolicy and if the policy file doesn’t have the necessary entry then the content developer has two options.

1. If the movie property enableSecurityDialog is set to true then security dialogs will appear in the Shockwave movie while trying to access the content and the option of displaying the content is given to the end user.

2. On the other hand, if this flag is not set then the movie will fail silently.

_movie.enableSecurityDialog

Usage

— Lingo syntax

_movie.enableSecurityDialog

// JavaScript syntax

_movie.enableSecurityDialog;

Description

Movie property; default value is FALSE, If it is false then the movie will fail silently. If it is set to TRUE then security dialogs will appear in the Shockwave movie while trying to access the content and the option of displaying the content is given to the end user.

Example

This statement sets the enableSecurityDialog property to True which will show the dialogs.

— Lingo syntax

on prepareMovie
_movie.enableSecurityDialog = TRUE
end

// JavaScript syntax

function prepareMovie()
{
_movie.enableSecurityDialog = 1;
}

cdpCheckMode (Flash cast member property)

Usage

— Lingo syntax

member(whichFlashMember).cdpCheckMode

// JavaScript syntax

member(whichFlashMember).cdpCheckMode;

Description

Flash member property; default value is useSwPolicy. When we set the property to #useSWPolicy it will use Shockwave’s cross domain checks and if the policy file doesn’t have the necessary entry then the content developer has two options.

1. If the movie property enableSecurityDialog is set to true then security dialogs will appear in the Shockwave movie while trying to access the content and the option of displaying the content is given to the end user.

2. On the other hand, if this flag is not set then the movie will fail silently.

When it is set to #useMediaPolicy it will use the flash player’s cross domain checks.

Example

This statement sets the cdpCheckMode property to #useMediaPolicy which will follow the flash player’s cross domain checks.

— Lingo syntax

on beginSprite me
member(2).cdpCheckMode = #useMediaPolicy
end

// JavaScript syntax

function beginSprite(me)
{
member(2).cdpCheckMode = symbol(“useMediaPolicy”);
}

1 comment May 11th, 2010


Director Sites

Calendar

May 2010
M T W T F S S
« Apr   Aug »
 12
3456789
10111213141516
17181920212223
24252627282930
31  

Archives

Recent Posts

Recent Comments