Flash player security settings - security

I am using the Twilio client in one of my apps and it is showing the following popup when I click on the call button.
But I want to show the following popup, which is a lot simpler and seems less cumbersome.
Is there a way to control which popup comes on the screen? I have read some of Adobe's documentation, but their configuration files live on the user's computer, which of course cannot be changed by a website.
Any help will be really appreciated.

Yeah, those dialogs are native Flash Player dialogs. The request domain is drawn from the domain that the swf is loaded in, and it must be for security reasons. The only way around this is to have the request come from a swf which is loaded from a "friendlier" domain.
Sounds like something that Twilio would need to address, not you. Perhaps you can bug them on their forum or such?

Related

Facebook playable ads with phaser

I am trying to make a Facebook playable ad using Phaser 3.60, but the problem is that Facebook blocks XMLHttpRequest, which is used internally by the Phaser loader to load images and sounds.
Does anyone know a way to load images into Phaser without using its loader and without using XMLHttpRequest?
I tried to use imageLoadType: "HTMLImageElement" but it also gives me the same error. I don't know if Facebook detects the XMLHttpRequest in Phaser.min or in the game code.
I'm not sure if this is the solution for your specific problem, but after some tinkering, I learned a bit about Facebook's playable ads.
Disclaimer: First of all, I was not able to get the zip version to run (not in the preview tool and not even in a real campaign).
With a single file index.html, with all the data inlined (just under the 2MB limit), I can upload the application and get the same warning,
BUT after I click the application (which executes FbPlayableAd.onCTAClick(), as mentioned in the yellow highlighted part), the Done button is activated, and I can deploy the ad.
I hope this helps.

CLR Browser + Google Hangouts

First post here, so I hope I'm not breaking any rules.
So, the situation I'm faced with is a bit complicated. I'm basically trying to log in to a Hangouts call without having the ability to use the browser itself. I can only insert the URL. Why is that, you may ask?
I'm trying to show a Hangouts call on my Twitch stream using an OBS plugin called CLR Browser. This plugin only allows you to resize the window and add a URL from which it'll take information. It's great for notifications but not so great for what I'm trying to do. But after investigating a lot I came to the conclusion that I'm out of options.
I do know you can log in to Gmail by only using the URL, like here:
How do I login into Google Apps via a URL?
If, for example I have a hangouts link like this:
https://plus.google.com/hangouts/_/gruxore63cq34fwddtcwwe64raa
Can I add something at the end so it logs in automatically?
Thank you.
Hate to disappoint, but you cannot auto-login using a link. OBS does allow you to screen share a window, though, so you should be able to open your favorite web browser, enter the Hangout, then share the window.
Failing that, XSplit has very flexible screen/region-sharing abilities.
Here's a YouTube video demonstrating exactly how to do this in OBS, and the link is time-coded right to the good-stuff.

Struggling with Chrome Extension architecture

I'm new to Chrome extension development, and I'm struggling a bit with the architecture to put in place.
I would like to develop an extension (browser_action) that, when the button is clicked, opens a window where information will be populated from the web traffic.
I figured out I could use the webRequest API to get info about the traffic.
I could create a popup window, but it's displayed only when I click on the extension button, and hides as soon as I click somewhere else.
I tried creating a background window, but it does not show up.
I'd be very grateful if anyone could help me with the initial setup of my application.
Thanks in advance
You need both.
Take a look at the Architecture Overview, or maybe this question.
The lifetime of the popup is indeed equal to how long it stays on screen. It's the UI part, but putting logic there is usually bad.
A background page is permanently there but invisible. It's typically the "brain" of an extension, taking care of heavy lifting and routing messages to other parts.
In short:
You need a background script to collect webRequest information for you in some format.
You need a popup page to show it. Keep in mind it's not guaranteed to be present at a given time and can close at any time.
It's probably best to use Messaging to request the information from the background page. If you need real-time updates, you can use long-lived connections.
In your case you can also tightly couple the two and call chrome.runtime.getBackgroundPage() to directly reference stuff in it.
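One way to lay out the background half described in this answer, as an added example (not code from the answer or from Chrome's documentation). It assumes a Manifest V2 background page with the webRequest and <all_urls> permissions; record, handleMessage and the message types are hypothetical names.

```javascript
// background.js: keeps the last MAX_ENTRIES completed requests in memory.
const MAX_ENTRIES = 200;
const entries = [];

// Store only the fields the popup displays; drop the oldest entry when full.
function record(details) {
  entries.push({
    url: details.url,
    method: details.method,
    status: details.statusCode,
    tabId: details.tabId,
    time: details.timeStamp,
  });
  if (entries.length > MAX_ENTRIES) entries.shift();
}

// Answer popup messages. Malformed or unknown messages get an explicit error.
function handleMessage(msg) {
  if (!msg || typeof msg.type !== "string") return { error: "bad message" };
  if (msg.type === "getRequests") {
    const wanted = Math.trunc(Number(msg.limit)) || 50;
    const limit = Math.min(Math.max(wanted, 1), MAX_ENTRIES);
    return { requests: entries.slice(-limit) };
  }
  if (msg.type === "clear") {
    entries.length = 0;
    return { cleared: true };
  }
  return { error: "unknown type: " + msg.type };
}

// Wire up the extension APIs only when running inside Chrome.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  chrome.webRequest.onCompleted.addListener(record, { urls: ["<all_urls>"] });
  chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    // Messages sent from a tab (e.g. a content script) carry sender.tab;
    // the popup does not, so traffic data is only handed to the popup.
    if (sender.tab) return;
    sendResponse(handleMessage(msg));
  });
}

// popup.js asks for the data each time it opens:
//   chrome.runtime.sendMessage({ type: "getRequests", limit: 20 },
//                              (reply) => render(reply.requests));
```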

flash based game stopped loading

A few weeks ago our Flash-based game at www.balutgame.com, which was working fine earlier, suddenly stopped loading. The website itself loads, but the game window does not; all users just get a black screen.
We have made no changes to the game, DNS etc. According to our hosting company, PlayerIO, the page and files load, however the game file does not.
Since the web version is Flash-based, I am wondering if it is necessary to make ongoing updates to the swf file when Adobe make updates to their Flash Player?
I do not know if we have used Adobe AIR as well in the web version, but know this is used somehow in the app versions we have.
Our problem is isolated to the web version, www.balutgame.com. Hosted at PlayerIO and domain registered with name.com.
How to fix this?
With the limited information of this question, it is hard to provide any solution.
I did run a few tests on your site and figured the play button is linked to a swf file.
It points to http://d1ro1du4c73r1c.cloudfront.net/balut-dq1cn30nkeozclazbnk7q/Balut%20Web/Balut._v3.swf. This swf file, I think, needs some player/wrapper for other dependent functionalities.
Have you updated your web page recently? Also, the FB plugins never load!
You can check that as well.

How to safely embed any flash file (swf)?

I want to allow my users to embed their own Flash animations in their posts. Usually the actual file is hosted on some free image hosting site. I wouldn't actually load the flash unless the user clicked a button to play (so that nothing auto-plays on page load). I know people can make some really annoying crap in flash, but I can't find any information about potential serious damage a flash app could cause to the viewer.
Is it unsafe to embed just any flash file from the internets? If so, how can I let users embed innocent animations but still keep out the harmful apps?
edit:
From what I can gather, the most obvious threat is for ActionScript to redirect you to a malicious site.
Adobe says you can set allowScriptAccess=never and allowNetworking=none and the swf should have no access to anything outside of itself. Will this solve all my problems?
Flash has some neat security measures in place. Allowing users to upload SWFs to your site and embedding them is unsafe; you're basically setting yourself up for an XSS attack.
However, allowing them to hotlink should not be a problem. The SWF will be locked to the domain that is hosting it and is not allowed to call URLs outside of that space.
It will still be open to "evil links" (I'm sure there's a proper word for them), and by that I mean having regular links to yoursite.com/admin/deleteallpages.php which it tries to load "as" you. It will not, however, be able to use this data in any way; it'll basically be the same as a normal link, and I'd guess modern CMSs are protected from that type of attack.
You could get the same protection by hosting your Flash files on a different subdomain, since Flash considers this the same as a completely different domain.
When embedding SWFs from unknown sources, it is also best practice to throw a mask on the Loader so that the loaded SWF can't take over more screen real estate than expected.
Pseudo-code to do so:
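import flash.display.Sprite;
// myLdr is the Loader holding the untrusted SWF; safeWidth/safeHeight are the area you allot to it.
var maskSpr:Sprite = new Sprite();
maskSpr.graphics.beginFill(0x000000); // a fill colour is required; it is not drawn when the sprite is used as a mask
maskSpr.graphics.drawRect(0, 0, safeWidth, safeHeight);
maskSpr.graphics.endFill();
myLdr.mask = maskSpr; // clips the loaded SWF to the rectangle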
There is actually more than one option.
To be totally safe, set allowScriptAccess=never and allowNetworking=none and the swf will have no access to anything outside of itself.
NOTE: allowNetworking is only in Flash Player 9 (it was created in response to various MySpace worms), so you'll need to use SWFObject to ensure that only users with the right Flash Player version or better have the Flash loaded.
If you want to enable things like youtube videos, though, you can't set allowNetworking to "none". Fortunately, there is an intermediate level of security for this field - "internal" which lets the SWF talk to its hosted domain.
Also note that you better not have a crossdomain.xml file on your site - read more about those dangers here and other places.
Here are some other sites that are mentioned by other answers that go into more detail:
http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps_04.html
http://blogs.adobe.com/stateofsecurity/2007/07/how_to_restrict_swf_content_fr_1.html
As an example Drupal has a scenario of how allowing flash content from users could be a security concern.
Adobe says you can set allowScriptAccess=never and allowNetworking=none and the swf should have no access to anything outside of itself. Although allowNetworking is only in Flash Player 9, so users with earlier versions of Flash would still be susceptible to some exploits.
Creating more secure SWF web applications : Security Controls Within the HTML Code
How to restrict SWF content from HTML
Yes, it's unsafe.
There's no easy way of allowing it. You could have a domain whitelist that allowed YouTube, Hulu, etc. through, but whitelisting is inherently painstaking - you'd be constantly updating.
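The embed settings that several answers above recommend (allowScriptAccess=never, allowNetworking=none or internal, plus a host allowlist), put together as an added example that is not code from any of the answers. The host names, the size limits and the function name buildSwfEmbed are assumptions made for illustration.

```javascript
// Hosts allowed to serve embedded SWFs (constructed sample values).
const ALLOWED_HOSTS = new Set(["media.example.org", "www.youtube.com"]);
// Hosts whose players must talk to their own domain, so "none" would break them.
const NEEDS_INTERNAL_NETWORKING = new Set(["www.youtube.com"]);

function escapeAttr(s) {
  return String(s).replace(/[&<>"']/g, (c) => "&#" + c.charCodeAt(0) + ";");
}

// Returns the <object> markup for a user-supplied SWF URL, or throws.
function buildSwfEmbed(rawUrl, width = 480, height = 360) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    throw new Error("not an absolute URL");
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    throw new Error("scheme not allowed: " + url.protocol);
  }
  if (url.username || url.password) throw new Error("credentials in URL");
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    throw new Error("host not on allowlist: " + url.hostname);
  }
  const networking = NEEDS_INTERNAL_NETWORKING.has(url.hostname) ? "internal" : "none";
  const params = {
    movie: url.href,
    allowScriptAccess: "never",  // no calls into the embedding page's JavaScript
    allowNetworking: networking, // "none" unless the host is known to need "internal"
    allowFullScreen: "false",
  };
  const paramTags = Object.entries(params)
    .map(([k, v]) => `  <param name="${escapeAttr(k)}" value="${escapeAttr(v)}">`)
    .join("\n");
  // Clamp the size so a post cannot claim more of the page than allotted.
  const w = Math.min(Math.max(parseInt(width, 10) || 0, 1), 800);
  const h = Math.min(Math.max(parseInt(height, 10) || 0, 1), 600);
  return `<object type="application/x-shockwave-flash" data="${escapeAttr(url.href)}" ` +
    `width="${w}" height="${h}">\n${paramTags}\n</object>`;
}
```

It does not cover the Flash Player 9 version check mentioned in the NOTE above.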
