Good Reads

PHP Proxy for Flash Cross-Domain Security problems

If you've been loading XML while working in the Flash IDE and then found it didn't work anymore when you uploaded to your website, then you've probably come across the Flash cross-domain security.

Instead of trying to get the remote site to cooperate, you can just use a PHP script to retrieve the information for you. This PHP script must live on your webserver or you will have the same security problem. Otherwise, the script must live on a server that has a lenient crossdomain.xml setup.

This PHP script takes a "url" parameter, which is the XML file (or XML-RPC service) you are trying to reach. If you're trying to load, the new url you would access would be something like:

** The special thing about this PHP proxy (compared to others) is that it works with XML-RPC, meaning it also forwards POSTed data.

** I'm using this proxy to make XML-RPC calls to a WordPress blog. (now dead)

PHP Code

$post_data = $HTTP_RAW_POST_DATA;

$header[] = "Content-type: text/xml";
$header[] = "Content-length: ".strlen($post_data);

$ch = curl_init( $_GET['url'] ); 
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_TIMEOUT, 10);
curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

if ( strlen($post_data)>0 ){
    curl_setopt($ch, CURLOPT_POST, 1);
    curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);

$response = curl_exec($ch);     
$response_headers = curl_getinfo($ch);     

if (curl_errno($ch)) {
    print curl_error($ch);
} else {
    header( 'Content-type: ' . $response_headers['content-type']);
    print $response;

Feel free to contact me.

More info on XML-RPC for Flash |
page 4