• Skip to main content
  • Skip to primary sidebar

Victor Font Consulting Group, LLC

The DEX Intranet Specialists

  • Home
  • Care Plans
    • Care Articles
    • Optional Subscriptions
  • Consultations
  • Products
    • Code Snippets
    • Public GitHub Repositories
    • Gist Snippets
    • Pastebin Snippets (Free)
    • Free Plugins
  • FAQs
  • Support
    • Graphic Design
  • Contact
    • Speakers
    • Portfolio
  • Resources
    • Free WordPress Video Training
    • Tutorials
    • Articles
    • Cybersecurity
    • EU Referral Network

Taming the Wild Fleast (Flash Beast)

March 14, 2012 By Victor M. Font Jr.

beauty-and-the-beast-tv

The problem:

You spend countless hours preparing video content for your WordPress multi-site installation. Everything is just right and you successfully QA your pages in Internet Explorer, Firefox and Safari. You deploy to production and sleep well at night knowing all is well. Then Adobe releases a “security fix” for their flash player and you start receiving notices from your customers, who pay to access your content, that your videos have stopped working in their Firefox or Safari browsers. Now you go into firefighting mode until the problems are eliminated.

Background and Impact

Adobe Flash has long been the beast we’ve been forced to live with. Perhaps Steve Jobs was right for not supporting flash content in IOS. This site, VictorFont.com, is just one of six domains I own and operate on my Hostek hosted server. The primary site is http://www.fontlife.com/. FontLife.com is the first domain I purchased in the 90s. It started out as a static family website built in html, migrated to .asp, then released as a third generation .NET application. I moved it to WordPress at the beginning of 2010 after conducting an experiment in blogging on WordPress.com. Now I have 5 additional subdirectory sites setup in the same instance of WordPress all of which play video content.

The problem began with a recent update to the Adobe Flash player. You might not realize this, but there are two versions of the flash player, an active-x control for Internet Explorer and a plugin for all other browsers. For displaying my videos, I use a licensed version of the JW Player from Long Tail Video along with the JW Player for WordPress plugin. Until this recent update to the flash player, JW Player has been running great on my site. After the update it continued to run great in IE, but in Firefox and Safari it wouldn’t even load the skin never mind play videos. I searched the internet like mad trying to find a solution. All I found is numerous posts from other people experiencing the same problem. There is only one solution I discovered that was offered on a few sites.

For anyone experiencing this problem, the financial impact risk could be enormous. It’s the job of any business to keep their customers happy. If your customers can’t view the content they are paying for, they won’t remain customers for very long. (Thank you Adobe!)

The Solution

Out of desperation, I tried the suggested solution and voila' it worked! What is it? It’s creating a cross domain policy file and installing it in my site’s root directory. A support page on the Long Tail Video site says:

The Adobe Flash Player contains a crossdomain security mechanism, similar to JavaScript’s Cross-Site Scripting restrictions. Flash’s security model denies certain operations on files that are loaded from a different domain than the player.swf. Roughly speaking, three basic operations are denied:

  • Loading of XML files (such as playlists and captions).
  • Loading of SWF files (such as skins).
  • Accessing raw data of media files (such as ID3 tags or sound wave data).

Generally, file loads (XML or SWF) will fail if there’s no crossdomain access. Attempts to access or manipulate data (ID3, waveforms, bitmaps) will abort.

This certainly explains what’s happening. The player.swf file is being served up from FontLife.com. The content and skin (xml file) is being served up from VictorFont.com. When I test from FontLife.com, I experience no problems. When I test from VictorFont.com, black screen only, no skin, and no video. The problem is clearly cross domain access.

The issue that truly muddies the water is the fact that everything still works in IE regardless of the domain from which I’m testing. I suspect the active-x control is not securing cross domain access properly, where the flash plugin in Firefox and Safari is correctly preventing cross domain access as Adobe intends. Whatever the case, adding the cross domain policy file instantly fixed the problem. I’ll get a good night’s sleep tonight.

For more details about this issue, visit Adobe Cross Domain Policy File Specification.

  • 84shares
  • Facebook0
  • Twitter0
  • Pinterest0
  • LinkedIn84
  • Print
  • SMS0

Filed Under: Best Practice, Computers and Internet, How To, WordPress Tagged With: Adobe Flash, Cross Domain Policy, JW Player, WordPress

About Victor M. Font Jr.

Victor M. Font Jr. is an award winning author, entrepreneur, and Senior IT Executive. A Founding Board Member of the North Carolina Executive Roundtable, he has served on the Board of Advisors, of the North Carolina Technology Association, the International Institute of Business Analysis, Association of Information Technology Professionals, Toastmasters International, and the North Carolina Commission for Mental Health, Developmental Disabilities, and Substance Abuse Services. He is author of several books including The Ultimate Guide to the SDLC and Winning With WordPress Basics, and Cybersecurity.

Primary Sidebar

Shopping Cart

Books

  • Ultimate Guide to the SDLC front cover The Ultimate Guide to the SDLC
    Rated 5.00 out of 5
    $74.95
  • Winning With WordPress Basics 2nd Edition Winning With WordPress Basics 2nd Edition $19.95

Recent Articles

  • Protected: WordPress Database Modernization Blueprint
  • Social Media Management
  • Site Growth Automation
  • GDPR Compliance Monitoring
  • Digital Strategy Accelerator

Top 10 Article Categories

Best Practice Code Snippet Computers and Internet Genesis How To Leadership Programming Servant Leadership Tutorial WordPress