Using "SWFverification || allowedHTMLdomains" not "SWFverification && allowedHTMLdomains"

Report · Dec 05, 2012

Dear Sir/Madam,

We do have a problem regarding streaming security policy of the Flash Media Server (FMS). In order to avoid third parties to access video streams of our web site and for security purposes, we did apply restrictions. We added related restrictions to allowedHTMLdomains.txt and allowedSWFdomains.txt files so that FMS accepts requests only coming from our domain. The system in its current form works fine for us.

Currently, we are developing an application and this application will run on client computers. So, we would like to use SWFverification to indicate that the application is reliable for us and we should allow the client app to publish our video streams. In this sense, we would like to allow requests not only coming from our domain, but also from the allowed client app which we verified by SWFverification. However, we realized that two restrictions (both domain check and verification check) are checked at the same time, e.g. both constraints seem like they are logically ANDed instead of being logically ORed.

We will appreciate if you could help us resolve this issue so that both our web site users and allowed client app can access our video streams.

Thank you very much for your kind help.

Report · Dec 05, 2012

They are not basically or logically related to each other. Domain restrictions are for to allow only request coming from SWF's from those particular domain whereas SWFVerification is to make sure whether the request is coming for valid swf whether its in domain or outside the domain. I think you would have to relax the domain restrictions if you want to allow valid SWF to connect from whichever domain or have list of domains from which you accept connections to come from.

Adobe Community

Using "SWFverification || allowedHTMLdomains" not "SWFverification && allowedHTMLdomains"