> > >On Mon, Sep 21, 2015 at 9:12 AM, Alex Harui <aha...@adobe.com> wrote: > > > >>Did you try running from http:// and not just file://? I’m curious as > to > >> how it works around browser cross-domain security. > >> > > > >We control the SuperProxy app on > >https://apache-flex-dashboard.appspot.com, > >so I went ahead and added a cross domain xml on the server. > >https://apache-flex-dashboard.appspot.com/crossdomain.xml > > > >It works fine when I run it from http://locahost and an internal remote > >server. I can try putting it up in a secret page on flex.apache.org if > we > >want test it for real. > > > >Once I get the javascript version building, I will see if it works by > >default. If not, I believe I can set the Access-Control-Allow-Origin > >header to * for the server responses which would take care of CORS in the > >JS version. > > If you can control the crossdomain.xml and HTTP Headers we’ll probably be > ok, but I wouldn’t use *, just a small whitelist, or maybe *.a.o. >
The GA SuperProxy app is built for anyone and everyone to access the data. So, I wouldn't worry about giving access to "*". At least until we figure out a place for the dashboard when it goes live. Thanks, Om
