tags:

views:

205

answers:

2
Q: 

Switching from HTTP to HTTPS in a Flex application

Hi,

I am building a FLEX web application that also has a payment module where the user needs to enter his credit card details.

The whole Flex application runs on HTTP. However, whenever the user lands on a page where we ask for credit card details, we want these details to be sent over HTTPS. In this page we need information from the model of the application, because it holds certain selection the user did, the state the application is in, etc.

How can I best solve this? Do I need to make this page a Module that runs on HTTPS? Or can I just configure the specific 'credit card' services (we have a JAVA back end) so that these run on HTTPS?

Any help is appreciated. Thanks!

+1  A: 

You will run into issues with the browser's same-orgin policy when you try to make requests to https://foo.com from an application loaded from http://foo.com. I'd recommend just putting the application and services on https. However if you do that make sure you are using the Flex Framework RSLs because most browsers don't cache SWFs loaded over https.

James Ward  2009-12-21 13:42:14
Ok thanks. So that means the complete application runs over HTTPS right? I believe I can do that without a problem. Do you know any consequences running the whole thing over HTTPS, will it affect performance for example?
Mad Oxyn  2009-12-21 22:51:41
Yeah. Load the application over https and only make requests via https. There will be a very minor performance hit on the server.
James Ward  2009-12-22 02:56:15
A: 

What if we cannot make the application run on https? What should we do there? AppEngine has a restriction that when AppEngine is running on Google Apps domain, https does not work.

Our scenario is as follows: We have a swf loaded from our server (say http ://foo.com). Inside the swf, we want to call https://graph.facebook.com/me/friends (URL of facebook's new Graph API, which requires https). Is this possible?

Any help is appreciated. Thank you very much.

flexuser  2010-05-13 06:51:51
https ://graph.facebook.com/crossdomain.xml has <allow-access-from domain="*" />
flexuser  2010-05-13 06:53:56

related questions

Silverlight vs Flex
Executing JavaScript from Flex: Is this javascript function dangerous?
How To Get Label Of Combobox to Fade In Flex
How do I change the title bar icon in Adobe AIR?
How do I call a Flex SWF from a remote domain using Flash (AS3) ?
Flex: does painless programmatic data binding exist?
SoapException: Root element is missing occurs when .NET web service called from Flex
Any recommendations for in-depth Flex training?
How do I restyle an Adobe Flex Accordion to include a button in each canvas header?
Deleting / Replacing A Node in E4X (AS3 - Flex)
How can I "unaccept" a drag in Flex?
Printing Flex components in FireFox 3
Is it possible to add behavior to a non-dynamic ActionScript 3 class without inheriting the class?
How do I get rid of the "multiple describeType entries" warning?
Open local file with AIR / Flex
Flex / Air obfuscation
Adobe Flex component events
Can you access the windows registry from Adobe Air?
Actionscript 3 - Fastest way to parse yyyy-mm-dd hh:mm:ss to a Date object?
Adobe Air - Using multiple SQLite databases at once
How can I unit test Flex applications from within the IDE or a build script?
Best way to learn Flash?
Get the current logged in OS user in Adobe Air
Adobe air - SQLStatement.execute() - Multiple queries in one statement
Unloading a ByteArray in Actionscript 3.