Over a million developers have joined DZone.
Platinum Partner

Enabling Cross-Domain Access to Windows Azure Blobs from Flash Clients

· Cloud Zone

The Cloud Zone is brought to you in partnership with Mendix. Better understand the aPaaS landscape and how the right platform can accelerate your software delivery cadence and capacity with the Gartner 2015 Magic Quadrant for Enterprise Application Platform as a Service.

Here’s an interesting tidbit that came across my desk recently.  If you’re building applications with Adobe Flash and want to enable the use of Windows Azure for blob storage, you’ll need to be able to create a “cross-domain policy file” in order to get the Flash client to request blobs.

Why? Because the Flash client requires it. Specifically:

“For security reasons, a Macromedia Flash movie playing in a web browser is not allowed to access data that resides outside the exact web domain from which the SWF originated.” – Source: Cross-domain policy for Flash movies

So how does that relate to the use of Windows Azure Blob Storage from Flash applications?

Well, imagine this. You create a Flash application and host it on your site. It might even be a site hosted on Windows Azure, or maybe not.  Either way, the application itself has an “exact web domain from which the SWF originated”, as follows:

Hosting Platform Typical URL Originating Domain (as seen by Flash)
Non Windows Azure Host http://www.mycompany.com mycompany.com
Windows Azure Cloud Services, no custom CNAME http://mycompany.cloudapp.net mycompany.cloudapp.net
Windows Azure Cloud Services, with custom CNAME http://www.mycompany.com mycompany.com
Windows Azure Websites http://mycompany.azurewebsites.net mycompany.azurewebsites.net
Windows Azure Websites, Shared or Reserved Mode, with custom domain name http://www.mycompany.com mycompany.com

Now, here comes the problem.  When you access the Windows Azure Blob Storage, the domain that will be serving up your blobs is going to be a subdomain of http://blob.core.windows.net (something like http://yourcompany.blob.core.windows.net), and that doesn’t match up with _any_ of these domains here.  By default, Flash won’t let you access this domain, unless you are able to serve up a crossdomain.xml file from that domain.  This policy file is a little XML file that gives the Flash Player permission to access data from a given domain without displaying a security dialog.  When it resides on a server, it lets the Flash Player have direct access to data on the server, without the prompts for user access.  But since Windows Azure Blob Storage is an Azure service, that’s not possible, right?

As it turns out… it is possible.  You can actually host the crossdomain.xml file in the root container of your blob storage, and then simply ensure that the root container has public read access.  It looks like the following:

CloudBlobContainer cloudBlobContainer = cloudBlobClient.GetContainerReference("$root");
cloudBlobContainer.SetPermissions(new BlobContainerPermissions { PublicAccess = BlobContainerPublicAccessType.Blob }); 


The Cloud Zone is brought to you in partnership with Mendix. Discover how Mendix for Mobile App Deveopment makes it incredibly fast and easy for any developer to build engaging multi-channel apps.


Published at DZone with permission of Adam Hoffman , DZone MVB .

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}