• Skip to main content

Victor Font Consulting Group, LLC

Digital Business Strategists

Call Us:

+1 919-604-5828

  • Home
  • Care Plans
    • Care Articles
    • Optional Subscriptions
  • Consultations
  • Products
    • Code Snippets
    • Public GitHub Repositories
    • Gist Snippets
    • Pastebin Snippets (Free)
    • Free Plugins
  • FAQs
  • Support
    • Graphic Design
  • Contact
    • Speakers
    • Portfolio
  • Resources
    • Free WordPress Video Training
    • Tutorials
    • Articles
    • Cybersecurity
    • EU Referral Network
You are here: Home / Best Practice / Taming the Wild Fleast (Flash Beast)

Taming the Wild Fleast (Flash Beast)

By Victor M. Font Jr.
March 14, 2012Leave a Comment

beauty-and-the-beast-tv

The problem:

You spend countless hours preparing video content for your WordPress multi-site installation. Everything is just right and you successfully QA your pages in Internet Explorer, Firefox and Safari. You deploy to production and sleep well at night knowing all is well. Then Adobe releases a “security fix” for their flash player and you start receiving notices from your customers, who pay to access your content, that your videos have stopped working in their Firefox or Safari browsers. Now you go into firefighting mode until the problems are eliminated.

Background and Impact

Adobe Flash has long been the beast we’ve been forced to live with. Perhaps Steve Jobs was right for not supporting flash content in IOS. This site, VictorFont.com, is just one of six domains I own and operate on my Hostek hosted server. The primary site is http://www.fontlife.com/. FontLife.com is the first domain I purchased in the 90s. It started out as a static family website built in html, migrated to .asp, then released as a third generation .NET application. I moved it to WordPress at the beginning of 2010 after conducting an experiment in blogging on WordPress.com. Now I have 5 additional subdirectory sites setup in the same instance of WordPress all of which play video content.

The problem began with a recent update to the Adobe Flash player. You might not realize this, but there are two versions of the flash player, an active-x control for Internet Explorer and a plugin for all other browsers. For displaying my videos, I use a licensed version of the JW Player from Long Tail Video along with the JW Player for WordPress plugin. Until this recent update to the flash player, JW Player has been running great on my site. After the update it continued to run great in IE, but in Firefox and Safari it wouldn’t even load the skin never mind play videos. I searched the internet like mad trying to find a solution. All I found is numerous posts from other people experiencing the same problem. There is only one solution I discovered that was offered on a few sites.

For anyone experiencing this problem, the financial impact risk could be enormous. It’s the job of any business to keep their customers happy. If your customers can’t view the content they are paying for, they won’t remain customers for very long. (Thank you Adobe!)

The Solution

Out of desperation, I tried the suggested solution and voila' it worked! What is it? It’s creating a cross domain policy file and installing it in my site’s root directory. A support page on the Long Tail Video site says:

The Adobe Flash Player contains a crossdomain security mechanism, similar to JavaScript’s Cross-Site Scripting restrictions. Flash’s security model denies certain operations on files that are loaded from a different domain than the player.swf. Roughly speaking, three basic operations are denied:

  • Loading of XML files (such as playlists and captions).
  • Loading of SWF files (such as skins).
  • Accessing raw data of media files (such as ID3 tags or sound wave data).

Generally, file loads (XML or SWF) will fail if there’s no crossdomain access. Attempts to access or manipulate data (ID3, waveforms, bitmaps) will abort.

This certainly explains what’s happening. The player.swf file is being served up from FontLife.com. The content and skin (xml file) is being served up from VictorFont.com. When I test from FontLife.com, I experience no problems. When I test from VictorFont.com, black screen only, no skin, and no video. The problem is clearly cross domain access.

The issue that truly muddies the water is the fact that everything still works in IE regardless of the domain from which I’m testing. I suspect the active-x control is not securing cross domain access properly, where the flash plugin in Firefox and Safari is correctly preventing cross domain access as Adobe intends. Whatever the case, adding the cross domain policy file instantly fixed the problem. I’ll get a good night’s sleep tonight.

For more details about this issue, visit Adobe Cross Domain Policy File Specification.

  • 84shares
  • Facebook0
  • Twitter0
  • Pinterest0
  • LinkedIn84
  • Print
  • SMS0

About Victor M. Font Jr.

Victor M. Font Jr. is an award winning author, entrepreneur, and Senior IT Executive. A Founding Board Member of the North Carolina Executive Roundtable, he has served on the Board of Advisors, of the North Carolina Technology Association, the International Institute of Business Analysis, Association of Information Technology Professionals, Toastmasters International, and the North Carolina Commission for Mental Health, Developmental Disabilities, and Substance Abuse Services. He is author of several books including The Ultimate Guide to the SDLC and Winning With WordPress Basics, and Cybersecurity.

Reader Interactions

VictorFont.com runs on the Genesis Framework

Genesis FrameworkThe Genesis Framework empowers you to quickly and easily build incredible websites with WordPress. Genesis provides the secure and search-engine-optimized foundation that takes WordPress to places you never thought it could go.

Check out the incredible features and the selection of designs. It's that simple—start using Genesis now!

Click here to download The Genesis Guide for Absolute Beginners (PDF - 1.4 MB)

Leave a Reply Cancel reply

Your email address and website will not be published. Required fields are marked *
Posting a comment means that you agree with and accept our Comment & Product Review Policy

Call: +1 919-604-5828

Send us an E-mail

Accessibility Statement | Affiliate Marketing Disclosure | Capability Statement

Cookie Policy | Comment & Product Review Policy | Privacy Policy | Site Map | Terms & Conditions

Copyright © 2003–2022 Victor M. Font Jr.

Return to top of page
Posting....
We only use analytical cookies on our website that allow us to recognize and count the number of visitors, but they do not identify you individually. They help us to improve the way our website works. By clicking Accept you, agree to cookies being used in accordance with our Cookie Policy.OkNoCookie policy