Check out our Angular Book Series.

How can I avoid Cross Domain Restrictions When doing HTML5 Development?

Sometimes when I'm developing an HTML5 app for a client it does not make sense to set up the client's full environment on my local machine.

Sometimes the setup is complicated and the budget doesn't allow me to spend a day or two for setup. Sometimes the apps are leveraging services that spread between multiple departments and servers and it is not practical to set them all up locally. Other times, the client wants me up and running in the shortest order possible. In such situations, I still write code on my local local machine, but access their services remotely.

HTML applications that run in a browser this can cause a problem. The HTML app can't use xmlHTTPRequest to make calls to remote servers. This is done to prevent normal users from running into cross site scripting which are often used for nefarious means.

When developing code locally, however, my use is legit and I need a temporary work around. In these situations, I often go to a a Chrome command line argument that disables cross site scripting restrictions:

pathtoChromeInstall\Chrome.exe -disable-web-security

Once this is in place, I am able to run HTML code on my local server that can make remote service calls to my client's server. Then all is good in the world and I'm able to continue to work productively with my client.

There is a great StackOverflow writeup on this point.

Encrypt in Flex and Decrypt in ColdFusion

A thread has been going on for a bit today over on the Flex Coders list. How do you encrypt data in Flex, pass it to ColdFusion and then decrypt it? I struggled with this very same question quite a while ago; and sort of came up with an answer after a lot of trial and error. This post is me finally documenting my answer.

First, there are two open source AS3 libraries that you can use to deal with data encryption in Flex: ASCrypt3 and Crypto. ASCrypt3 was my attempt at converting an ActionSCript 2 library to an ActionScript 3 code base. I understand that Crypto was created from the ground up to make use of AS3 enhancements to make things more performant. Both libraries offer plenty of ways to encrypt, or decrypt data in Flex.

I'm going to assume that we want to use AES (Rijndael) to encrypt the data in Flex before sending it to ColdFusion. Unfortunately, I was never able to get the ASCrypt3 code base working with CF properly. People have told me they've used it succesfully for Java. I have used Crypto to succesfully pass encrypted data back and forth between ColdFusion and Flex, though.

First we need to create our key, and specify some settings. Load the Crypto demo. Click "Secret Key" from the TabNavigator and set these steps:

  1. Encryption: AES
  2. Mode: ECB
  3. PaddingPKCS#5
  4. Prepend IV to Cipher: Leave Unchecked
  5. Key Format:Hex
  6. Plain Text: Text
  7. Cipher Text: Hex

Once your settings are set, click "Generate 128 bits" to generate a key. If you create your own key using alternate means, that's fie but you'll have to be sure it is 128 bits and in Hex format; or things may go awry when switching between systems.

Type your text: "This is a Test", then click the Encrypt button. Doing this on the fly, my key was "e1787cfc32d25355f267c53837c6062e" and the cipher text was "182f2031903e0a63ed77881b1561954c".

I'll assume you know of some manner to get this data from Flex to ColdFusion (or, really any other backed you desire).

On the ColdFusion side, there is a great knowledge base article about dealing with encryption, so you might want to start there. To decrypt, we are dealing with a handful of built in functions:

  • BinaryDecode: Converts a string to a binary object. We use it to turn our Hex Key into binary format.
  • ToBase64: This calculates a string representation of a binary object. We are using BinaryDecode to turn our Binary String Hex Key into a string.
  • Decrypt: This one performs the decryption algorithm

The actual code will be something like his:

<cfset HexKey = "e1787cfc32d25355f267c53837c6062e">
<cfset myKey = ToBase64(BinaryDecode(HexKey, "Hex"))>
<cfset Encrypted = "182f2031903e0a63ed77881b1561954c">
<Cfset Decrypted = Decrypt( Encrypted, MyKey, 'AES','Hex')>

First we take the HexKey, binaryDecode it and Base64 it. Then we feed those values along with our encrypted text into the Decrypt function. Finally, output the results:


There is a lot of conversion going on, but I'm not quite sure why it's needed. I was able to get this working using Crypto and CF, but never ASCrypt3 and CF. I suspect the problem was in the encoding of the key + result; but never had a chance to explore it in further depth. Can anyone explain?

Your mission, if you choose to accept it is to write the CF code to encrypt data before sending it to Flex. It shouldn't take long.

If you need do something 'real world' you'll have to download Crypto and figure out how to call the encryption algorithms within Flex. :-)

ASCrypt3 Rijndael Update

I made an update to Rijndael encryption in ASCrypt. There was a problem initializing the object if you were using a blocksize or key length other than the default.

It should be working better now. Of course, I still can't get it to produce the same results as ColdFusion's Encrypt function.


ASCrypt3 code works in Flex 2.0.1

I just did some testing of ASCrypt3 in Flex 2.0.1. Everything seems to be working as expected.

The allusive LZW script started throwing an error (as opposed to returning no results and just not working). Aside from that, I still wasn't able to get it working.

However, I did go back to one of the sources used for the ASCrypt LZW class. I was able to get the source working ( I named it LZW_RazorBerry ). The interesting thing about this implementation is that it allows you to output an XML safe string.

I added this to the readme (once I update the file), but I felt the need to say that I never verified any of the algorithms, only converted them. I am not an encryption expert.

Update File updated, you can download here

ASCrypt 3.0 now on RIAForge

I've been creating an ActionScript 3 port of the ASCrypt ActionScript 2 component. The project is now up on RIAForge.

You'll find my first conversion attempt (Rijndael) in the software pod to the right. Behind the scenes, I've converted everything in the initial ASCrypt component except for LZW which I can't get to work.

I'm still in the process of uploading files and the sort.

Update: I've now uploaded the files to RIAForge!

Update: And changed the link in my software pod!

All Content Copyright 2005, 2006, 2007, 2008, 2009 Jeffry Houser. May not be reused without permission
BlogCFC was created by Raymond Camden. This blog is running version