On 11/5/14, 9:54 PM, "Justin Mclean" <jus...@classsoftware.com> wrote:
>Hi, > >> I think this is a blocker as well. >> >> +1 for trying to get this fixed before we ship this version. > >Patches/fixes are welcome as I have no idea how to fix it. First step is to contact the third-parties and find out how they want to get loaded (import or sandboxed with Marshall Plan). If import loaded, they need to add us to their crossdomain.xml, probably both flex.a.o and apacheflexbuilds.cloudapp.net:8080. And if import loaded, then SWFLoader should have trustContent=true, but probably only when loading third-party, just to be careful, and maybe have its own whitelist of domains baked into the SWF. -Alex
