Video Cloud
App Cloud
- Overview and general topics
- Product Updates
- Glossary
- The App Cloud SDK
- Creating an app template
- Tutorials
- Content optimization
- Development tips and best practices
- Packaging a template
- Creating apps from a template
- Publishing an app
- Delivering ads
- Push Notifications
- Analytics
- Managing users and accounts
Player Debugger
Resources
Cross-Domain Security in Flash
This topic will help you ensure that your Video Cloud players work within the cross-domain security features of Adobe Flash 9, and describes some of the Video Cloud features that call for cross-domain access.
Video Cloud players are built with Flash Player 9 technologies. As a consequence, players are subject to the cross-domain security features of Flash 9. As well, you might need to implement a crossdomain.xml file for some of the Video Cloud features described in this topic.
Before proceeding, read the following Adobe Flash articles for detailed information about security in Flash 9:
- Cross-domain policy file usage recommendations for Flash Player
- Cross-domain policy file specification
- Policy file changes in Flash Player 9 and Flash Player 10 beta
- Flash Security cross-domain policies in Flash 9
A primer on policy files
In Flash, a SWF playing in a web browser is not allowed to access data that is outside the web domain from which the SWF originated. You can create exceptions to this security restriction by creating a policy file. The policy file must be an XML file named crossdomain.xml. The crossdomain.xml policy file must be hosted on the site root of each of the servers that the player needs to access. The basic principle is, if you want to allow access to a SWF Z in domain A from SWF X in domain B, you must add domain B to your crossdomain.xml policy file in domain A, or use a Security.allowDomain("B") statement in your SWF X. This also means that any SWF hosted under domain B will be able to access SWF X in domain A.
If you're still learning about XML, check out the following:
Video Tutorial: Introduction to XML
The simplest form of crossdomain.xml policy file uses a wild card to allow access to any domain whatsoever, as shown in the following example:
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="*"/>
</cross-domain-policy>
This approach is the easiest to set up, but is not recommended by Adobe. Instead, Adobe recommends that you allow access only for the particular domains you specify. Here is another example of a crossdomain.xml policy file:
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="admin.brightcove.com"/>
<allow-access-from domain="*.example.com"/>
</cross-domain-policy>
Some Video Cloud features that call for cross-domain access
Here are some particular Video Cloud features that may require you to deploy a crossdomain.xml policy file:
Custom player labels
You can customize your player labels by pointing to the URL of a labels XML file. The domain hosting the XML file needs to include <allow-access-from domain="admin.brightcove.com" /> in its crossdomain.xml file.
Custom player components and themes
In a custom player template defined with BEML, you can specify that the player should load a custom component, compiled as a SWF, using either a <SWFLoader/> or a <Module/> element that points to the URL of a SWF file. You can also specify that the player should load a custom theme, compiled as a SWF, using a theme attribute that points to the URL of a SWF file. In any of these cases, the domain hosting the SWF file needs to include <allow-access-from domain="admin.brightcove.com" /> in its crossdomain.xml file.
Closed Captioning DFPX files
You can associate videos with the DFPX files that contain their captions by pointing to the URL of the location of the DFXP files. The domain hosting the XML file needs to include <allow-access-from domain="*.brightcove.com" /> in its crossdomain.xml file.
Image capture with remote progressive download assets
If you want to use the Media module image capture tool with remote assets, you need a crossdomain.xml Flash security policy file on the CDN host that hosts your remote assets.
This security policy file must include *.brightcove.com, as shown in the following example:
<?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*.brightcove.com" secure="false" /> </cross-domain-policy>
Ad tag translators not hosted by Video Cloud
If you use one of the the ad tag translators listed in the topic, Developing Ad Translators, hosted by Video Cloud under http://admin.brightcove.com/adtranslator, there is no need for a crossdomain entry. Why? Because both the Advertising module SWF and the adtranslator.swf SWF are in the same domain. If you are hosting your own ad tag translator, then you need to add <allow-access-from domain="admin.brightcove.com" /> to the crossdomain.xml file on the domain that hosts the ad tag translator. An alternative to this would be to use Security.allowDomain("admin.brightcove.com") in the ad tag translator. In that case, an entry in the crossdomain.xml policy file would not be needed.
Google AdSense for video integration
The Video Cloud Google AdSense for Video Integration requires that you add the following entries to your domain's crossdomain.xml policy file:
<allow-access-from domain="*.brightcove.com" /> <allow-access-from domain="*.googlesyndication.com" />
