oembed api, allowscriptaccess


aland

Oct 30, 2009, 11:39:03 AM
to SoundCloudAPI
Sorry if this is not relevant but this was the first place I could
think to post about this.
I am writing some code so it's possible to embed flash objects in
posts on a forum, so far I was writing it using just preg_replace etc
but discovered the oembed api recently and it looks interesting.
However, I have a problem with the fact that (it seems) all returned
objects have
<param name="allowscriptaccess" value="always"></param>
Which I understand to be a bad thing, however I'm no expert on the
subject.
Is it possible to change this to value="never" or at least
"sameDomain"? I mean on the server side, I could preg_replace the
response but that seems to defeat the point of using oembed. Is there a
reason it's set to always?

Thanks, Alan

matas

Nov 2, 2009, 6:35:48 AM
to SoundCloudAPI
hi Alan,

you can replace the allowscriptaccess to anything you'd like, as long
as you don't click on links in the player or communicate with the player's JS API
it shouldn't make any difference.
on the other side, the player's full functionality is available only on
the 'always' setting. samedomain in your case is the same as 'never',
because the player's domain is player.soundcloud.com and yours is
probably something different.

cheers,
Matas
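
The server-side rewrite discussed in this thread, done with a DOM parser instead of preg_replace so that both the <param> and the fallback <embed> attribute are changed. This is an added example, not code from either poster or from SoundCloud; the function name and the sample markup are constructed, and per the reply above the player's links and JS API only work with 'always'.

```php
<?php
// Added example: restrict_script_access() is a hypothetical helper name.
function restrict_script_access(string $html, string $policy = 'never'): string
{
    if (!in_array($policy, ['never', 'sameDomain'], true)) {
        throw new InvalidArgumentException('policy must be "never" or "sameDomain"');
    }
    $doc  = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate non-strict embed markup
    $doc->loadHTML('<meta http-equiv="Content-Type" content="text/html; charset=utf-8">'
        . '<div id="oembed-root">' . $html . '</div>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);
    $xpath = new DOMXPath($doc);
    // 1. <param name="allowscriptaccess"> inside each <object> (name compared case-insensitively).
    foreach ($xpath->query('//object') as $object) {
        $seen = false;
        foreach ($xpath->query('.//param', $object) as $param) {
            if (strcasecmp($param->getAttribute('name'), 'allowscriptaccess') === 0) {
                $param->setAttribute('value', $policy);
                $seen = true;
            }
        }
        if (!$seen) {   // state the policy explicitly instead of relying on the default
            $param = $doc->createElement('param');
            $param->setAttribute('name', 'allowscriptaccess');
            $param->setAttribute('value', $policy);
            $object->insertBefore($param, $object->firstChild);
        }
    }
    // 2. The fallback <embed> carries the same setting as an attribute.
    foreach ($xpath->query('//embed') as $embed) {
        $embed->setAttribute('allowscriptaccess', $policy);
    }
    // Serialize only the children of the wrapper, i.e. the rewritten fragment.
    $out  = '';
    $root = $xpath->query('//div[@id="oembed-root"]')->item(0);
    foreach ($root->childNodes as $child) {
        $out .= $doc->saveHTML($child);
    }
    return $out;
}

// Constructed sample in the shape of an oEmbed "html" field (not a captured response).
$sample = '<object height="81" width="100%"><param name="movie" value="http://player.soundcloud.com/player.swf"></param>'
        . '<param name="allowscriptaccess" value="always"></param>'
        . '<embed allowscriptaccess="always" src="http://player.soundcloud.com/player.swf" type="application/x-shockwave-flash"></embed></object>';
echo restrict_script_access($sample), "\n";
```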