Google Oauth crossdomain.xml problem with Flex
https://stackoverflow.com/questions/5466559
-
14-11-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I am trying to get the RequestToken with flex from https://www.google.com/accounts/OAuthGetRequestToken. It works fine in the Flash Builder, but not in the localhost. I think it is the crossdomain.xml problem, so I try to find the crossdomain file in https://www.google.com/accounts/crossdomain.xml and https://www.google.com/crossdomain.xml. However, I cannot find it.
My question is where I can find crossdomain.xml for OAuthGetRequestToken.
Please advice. Thanks.
Update:
var loader:URLLoader = new URLLoader();
var request:OAuthRequest = new OAuthRequest("GET", requestTokenUrl, oauthParams, consumer, null);
var urlrequest:URLRequest = new URLRequest(request.buildRequest(signatureMethod));
loader.addEventListener(Event.COMPLETE, requestTokenHandler);
loader.load( urlrequest );
Solution 3
Finally, I use the AuthSub for the Authorization with Flex. I have mention this in the following issue request: http://code.google.com/p/gdata-issues/issues/detail?id=1855#makechanges
If anyone is interested in seeing this happen, please star the above feature request.
OTHER TIPS
the problem is probably that you need to specifically allow the folder on your computer that contains your swf access to the outside internet. Go the the flash settings manager for global security settings here:
http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager04.html#117502
and add the folder on your HD with the swf in it to the list of "Always trust files in these locations." For convenience you can add your whole HD but you might be opening yourself up to some security risks.
Does google say they have a crossdomain for that service? My guess is they do not. If that's the case, you will never be able to access the service directly from the SWF. Since flash is executed on the client machine, the crossdomain policy is needed to prevent unauthorized network code from executing behind a firewall.
The standard practice is to set up your own server with the appropriate crossdomain policy, and use it to proxy calls to any external services. This is a good idea regardless, simply from a scalability standpoint.
