displayed insecure content from http://fpdownload.adobe.com/crossdomain.xml

Question

So recently I noticed a flash video player I created started running in to insecure content issues when played through an https URL. I spent quite some time going through all the measures to make sure everything within the source code of my document as well as the embed and video URLS all adapted to the https protocol. Obviously on https URLs it's important to keep the page from loading any insecure content, but I also found for IE7 users the player is unable to load (and sadly I cannot ignore the issue due to the number of IE7 users on my site). Chrome's console made specific mention of two insecure URLs being accessed when the player is loaded:

The page at [my page here] displayed insecure content from http://fpdownload.adobe.com/pub/swz/crossdomain.xml.

The page at [my page here] displayed insecure content from http://fpdownload.adobe.com/crossdomain.xml.

The most relevant resource I could find in regards to resolving this issue was found here: http://forums.adobe.com/message/4785213

The user seemed to be having the same issue, but the problem for me now is that this solution (as well as all others I found) all refer to Flex, while I'm using Flash Professional CS6.

I originally was using the 'Classic Text' type and after no avail, swapped all text objects to the 'TLF Text' type. I also went through all the trouble of embedding all fonts (only Arial Regular and Bold are used, each embedded with all upper/lowercase, numbers and symbols. No other glyphs are used in any text object) in my flash project so that it wouldn't (or shouldn't) need to connect to adobe's servers.

So is there something obvious I'm missing or is the solution a bit more complicated in Flash CS6?

Any help at all is greatly appreciated.

Answer 1

So finally, months later I have stumbled across a solution to this issue in CS6. Like in Flex you must essentially disable the RSL linkage to adobe and instead have everything embedded within your own code; the biggest problem was figuring out how to do that since everything I found only explained where this setting was in Flex.

So, for Flash users you can fix this by following: - Choose File > Publish Settings.
- Click the Flash Tab.
- Click the Settings button next to the Script menu.
- Click the Library Path tab.
- Select Merged Into Code from the Default Linkage menu.

This information was burried in adobe's help site: http://help.adobe.com/en_US/flash/cs/using/WSb03e830bd6f770ee-4b0db644124bbdb363d-8000.html

This (obviously) greatly increased the size of my .swf but it seems to have removed all issues with insecure content being pulled from adobe's servers under an https protocol.

Answer 2

If you're using your own config.xml you can override the settings for them.

The default RSL paths are in the flex-config file (Flex-sdk\frameworks\flex-config.xml). You can copy those runtime-shared-library-path blocks to your config.xml and change them to be https:// as needed.

(From this link)