Looks nice, but I'm at a loss for why I'd use this. Perhaps older browsers where there is a flash plugin but no XMLHTTPRequest support in javascript? But this isn't tested on older browsers. Or does it give you cross site requests without adding script elements to the DOM?

--Andrew Kirkpatrick 21:42, 28 December 2007 (MST)

Hi Andrew,

This would be useful in cases where you want to make cross-domain requests to third parties which allow it (by way of a crossdomain.xml file). Notable sites that allow this are Yahoo! APIs and Flickr.

Using a native XMLHttpRequest object, such requests are forbidden due to the same origin policy mentioned in the article.

Hope this helps!

--Jimbojw 19:46, 29 December 2007 (MST)

You are a genius! Thanks!

--Jean-Lou Dupont 09:22, 19 January 2008 (MST)

This is just a great solution to cross domain requests. Thanks a ton. Now for my contribution :)

I noticed that I wasn't able to get the swf file to work correctly if it was hosted on a domain that wasn't the same as the HTML page. The workaround is to include: flash.system.Security.allowDomain("*"); at the beginning of the main() function, and recompile.

--Imad Jureidini 11:31, 25 January 2008 (MST)

Hi Imad,

Thanks for the tip about allowDomain(). You're actually not the first person to suggest that to me. I guess I should add that and make it easy on everybody :)

--Jimbojw 11:38, 25 January 2008 (MST)

In order this works,

At the root of the domain of the target url, you need to put a file crossdomain.xml

<cross-domain-policy>
  <allow-access-from domain="*.jimbojw.com" secure="false"/>
</cross-domain-policy>

In order the demo found here : http://jimbojw.com/examples/swfhttprequest_demo.php

works with an url of my domain

http://mansonthomas.com/test/test.php

I needed to add

<cross-domain-policy>
  <allow-access-from domain="*.jimbojw.com" secure="false"/>
</cross-domain-policy>

at http://mansonthomas.com/crossdomain.xml

Otherwise, you'll get a 404 error if the crossdomain.xml is not there or disallow your domain.

Thomas

PS : I've found the info here : http://www.xml.com/pub/a/2006/06/28/flashxmlhttprequest-proxy-to-the-rescue.html

--Thomas Manson 05:41, 17 February 2008 (MST)

Hi Thomas,

You're correct - there needs to be a crossdomain.xml file on the target server in order for this to work.

I have written about the topic of doing Cross-domain Ajax via Flash - check it out for more info.

--Jimbojw 10:32, 18 February 2008 (MST)

Hi Jim,

lets say I want to go page-wide with Prototype, how do I manage to load the swfhttprequest.swf before prototype so that the swfhttprequest instance will be available to instanciate inside Ajax.getTransport ?

Isn't it that normally I load prototype inside the HEAD and the swf AFTERWARDS inside the Body?

All help very appreciated.

Mario

--[Mario.Pilz@gmail.com Mario] 15:53, 26 May 2008 (MST)

Hi Mario,

>how do I manage to load the swfhttprequest.swf before prototype

The first question I'd ask is why you want to do that. When you embed the swfhttprequest object, you can optionally specify some javascript to run when it's finished loading via a 'onload' URL parameter.

In your case, you'd probably want to load Prototype, then a bit of custom JavaScript which creates a "setup" function. Something like this:

function setupSWFXHR() {
  // Tell Prototype to use SWFXHR
};

Then set the "onload" URL param to "setupSWFXHR" in your object/embed clause like this:

<object ...>
   <param name="movie" value="swfhttprequest.swf?onload=setupSWFXHR" />
   ...
   <embed ...
       src="swfhttprequest.swfonload=setupSWFXHR"
   ...></embed>
</object>

When the flash file is done loading, it will kick off the setupSWFXHR function, and from then onwards Prototype will be ready to go.

I'd say that's probably the easiest way to get what you want. If you still feel that you need to have the flash completely loaded before Prototype starts, you could use your setupSWFXHR function to dynamically add a <script> tag to the DOM. Chances are you won't have to do this however.

Hope this helps, and good luck!

--Jimbojw 10:49, 5 June 2008 (MST)

This project looks like a pretty useful one. I'm glad I have run across it.

Looks like we were developing a similar concept at the same time as you. I've been working on 'flXHR', a very similar project, for some time now, and I've finally just now released it open-source (it was first done for a commercial application as closed-source).

flXHR uses the SWFObject 2.1 library under the covers to implement automatic embedding of the invisible "proxy" SWF on the page, so someone can use flXHR exactly like the native XHR without needing to add all the object/embed markup stuff.

There are also some helpful (IMHO) additions I've made to the native functionality, including robust error callback handling, timeouts, the ability to define where to look for the cross domain policy file, etc.

Check out flXHR over at http://flxhr.flensed.com

Maybe some of what I've done there can be a benefit to this project as well. Great work so far, hope you keep it up!

--Kyle Simpson 14:02, 19 June 2008 (MST)

Sounds just what I am looking for but I'm having a few problems. Code snippet below works when using XMLHttpRequest() but using SWFHttpRequest() I get status=404, but I think the underlying error is 400 (bad request). I've added the crossdomain.xml to my server.

Have you any suggestions?

var xmlHttp = new createXMLHttp();
xmlHttp.open("POST", "http://" + ipAddress + "/webservice.asmx", useFlash);
xmlHttp.setRequestHeader("Content-Type", "text/xml");
xmlHttp.setRequestHeader("SOAPAction", "http://mywebsite.co.uk/Ping");
xmlHttp.setRequestHeader("Timeout", "Second-5");
if (useFlash)
{
    // asynchronous
    xmlHttp.onreadystatechange = function()
    {
        if (this.readyState == 4)
        {
            if (this.status == 200)
            {
                result = true;
            }
            else
            {
                alert("status: " + this.status);
            }
            showPage(result);
        }
        else
        {                    
            alert("readyState: " + this.readyState);
                alert("status: " + this.status);
        }
    }
}
 
xmlHttp.send("<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' xmlns:xsd='http://www.w3.org/2001/XMLSchema' xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'><soap:Body><Ping xmlns='http://mywebsite.co.uk/'></Ping></soap:Body></soap:Envelope>");

--Stuart Eastland 02:59, 20 August 2008 (MST)

Hi Stuart,

Unfortunately, there is no way (or at least, there wasn't when I wrote SWFHttpRequest) to determine why exactly a remote call failed. That is, whether it was an HTTP 4xx, 5xx, or some other type of Flash-only failure such as a missing crossdomain.xml file. So, I hard-coded the 404 return code since that would likely be the problem in most cases.

The other problem is that at the time I wrote this code, the Haxe programming language didn't support arbitrary post bodies. That is, you must supply key/value pairs through the haxe.Http setParameter() method. The best I could do was to parse the provided string as though it were URL encoded key/value pairs and push them in with setParameter(). This is most likely what's breaking your soap example.

The funny thing is, the Http object has a setPostData() method, which is supported by Flash 9, but the docs specify that it's only available for Neko and JavaScript targets. It may be that the documentation is just out-of-date but that the method is actually implemented correctly. At the time I was developing SHR, I looked in the haxe code and saw that it was not implemented for Flash, but that may have changed.

In any case, you may still be able to hack together a solution. Your SOAP body does include at least one equals sign, so the roundabout parsing/reencoding may work.

The one other thing I'd recommend is moving away from straight SOAP. Since you control the recipient web service, you could change the input from raw POST data to data in the form of "soapenvelope=SOAPDATA". If it's not hard for you to change the web service, this may be much smoother than trying to fix it from the JS/Flash side of things. :/

Good luck!

--Jimbojw 09:19, 20 August 2008 (MST)

great tutorial jimbojw, but, i'm having a bit of an issue... i copied and pasted (from view source) your swfhttprequest demo into an html file running it locally. i included the swfhttprequest.swf file in the same folder. but i am getting "ERROR: SWFHttpRequest is not defined" any ideas?? -logan

--logan 12:22, 22 October 2008 (MST)

Hi ! thanks for the post ! I am trying to integrate it on the clean-ajax kavascript module. I modified the Engine.js to allow usage of SWFHttpRequest. Is it using it, however when I try to do some crossdomain soap calls or whatever I do get 'too much recursion' error on Firefox Console. I think there is an infinite loop on the hx code. Is there a way to debug it or a new version ?

--kpoman 16:06, 2 December 2008 (MST)

Just what I was after. Great work! :)

--Tom Graham 12:40, 3 December 2008 (MST)

Jimbo, Nice work but iam having trouble using remote source i.e. src"http://someURL/swfhttprequest.swf" in firefox but IE7 seems to be working fine can you guide me how can i run this !!! on Fire Fox Thnx in ADVANCE Chao

--John 23:31, 18 January 2009 (MST)