I have an AIR desktop application that needs to get information from a website that uses cURL examples in the docs. Using some examples I've found, I think I'm getting close to mimicing the commands in ActionScript but my understanding of AIR security is terrible. I've read everything I can get my hands on (big mistake, with all the changes during the last few years on the security model). Can someone confirm my understanding?
If my application is going to request info from an API, because it's a SWF file, there should be a URL policy file and a Master Policy file on their server, preferably hosted on port 843.
All of the examples I see related to SWF files coming from FLEX (i.e., within an HTML page). Does this mean AIR doesn't need a policy file?
If it does, what is the format for an application policy, rather than a domain. Adobe's example is:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.example.com" />
<allow-access-from domain="www.friendOfExample.com" />
<allow-access-from domain="192.0.34.166" />
</cross-domain-policy>
But what if the "domain" is 'app:/MyApp.swf', as far as I can tell. Any help, greatly appreciated.