"Take It With You" Feed Reader · Curiosity is bliss

Curiosity is bliss    Archive    Feed    About    Search

Julien Couvreur's programming blog and more

"Take It With You" Feed Reader

 

As I mentioned in my post on TiwyWiki, Flash can offer some cross-domain communication capabilities in addition to persistent client storage.
TiwyFeeds is an AJAX-based Bloglines reader with offline support and using cross-domain requests. It makes use of the Bloglines Web Services to load your subscription list and the corresponding feed data.

You can try the TiwyFeeds demo, but keep in mind it's still an early prototype.

You'll first need to load your subscription list, by clicking "Refresh Subscriptions". This will likely prompt you for your Bloglines credentials. You can then click on the subscription tree to load the corresponding unread entries.
You can also set your browser in Offline mode and open feeds, in which case the locally cached entries will load. I haven't implemented a way of loading the cached entries corresponding to a time period though.

Some other possible features are expiration policy for the local cache, bookmarking ("My starred items") or full-text search.


Flash restrictions (local sandbox):

When I first started looking at Flash for making cross-domain requests, I knew that Flash did have such capabilities, but also that they were restricted. In particular, I read this document, "Security Changes in Flash Player 8", that explains how the Flash 8 Player local sandbox works.

The limitation that stood out is that the SWF-HTML capability (allowing javascript to call into Flash and vice-versa) isn't granted for Flash running in a local sandbox. Although it's possible for the user to grant it, it doesn't make for a good user experience. This pretty much discarded the option of running an online/offline AJAX application by copying it locally.

Cross-domain requests:

A couple of ActionScript APIs allow communication over the network, such as LoadVars.load (but it requires a specially formatted response), XMLSocket. connect (but it's not allowed if the port number is less than 1024), NetConnection.connect (but it only supports a special Flash remoting protocol) and XML.load.

I ended up going with XML.load, which allows to make a GET request to a server and retrieve an XML document. There is also XML.sendAndLoad which is similar but makes a POST request.
These APIs are definitely not as flexible as XmlHttpRequest, but they are good enough to interface with the Bloglines API and probably for a number of other scenarios.

In terms of security, the XML.load API is restricted to a same domain policy by default. But domains can publish a policy file allowing for cross-domain requests.
For example, Bloglines hosts a crossdomain.xml file that allows requests from any domain. On the other hand, Google does not, making requests to the Google Reader API impossible from Flash.

The Flash4AJAX.swf Flash object used by TiwyWiki and TiwyFeeds exposes the XML.load API under the "XmlGet" function. Look at the TiwyFeeds code for more details, but essentially, it takes a url and a callback function name as the two parameters. When the request completes, the callback is called and the XML content is available thru GetVariable("retXml").

ExternalInterface issues:

Performance is the reason for requiring the callback method to use GetVariable, rather than expecting the XML string as a parameter. Passing large chunks of data into a callback is much slower than transfering it across using GetVariable.

Brad also identified this performance issue with ExternalInterface.call, as well as a bug with some characters passed thru ExternalInterface. My workaround for this second problem is to encode the strings whenever crossing the Javascript-ActionScript boundary.

Conclusion:

Flash again opens some new doors for AJAX development, by allowing cross-domain requests with a simple security policy.
A more flexible API would make sense though, and the ExternalInterface API could use some improvements. Also worth mentioning is a bug in Firefox that doesn't allow XML.onHTTPStatus event handler to access the response status code.

Let me know if this is useful to you and if you incorporate it in some of your projects.


Update (2005-02-06): Posted a bit of documentation for the client-side storage used for the Feed Reader, as well as the source code for the Flash component.

comments powered by Disqus