我需要创建一个Flash的Web应用程序连接到谷歌驱动器SDK来获取公众的二进制文件，但我面对的跨域安全问题。

我能够使用的跨站点xmlhtt $ P $做到这一点在JavaScript pquest 与CORS。在AS3中，一个的crossdomain.xml 文件要求提供的 docs.google.com 的。然而，当前的设置不要让闪存存取文件。

我已经为现在的解决方案是使用JavaScript来获取数据并使用ExternalInterface的发送到SWF。

有没有更好的解决方案（代理是不是在我的情况选择）？

修改：看来，理想的解决方案将是在的 https://docs.google.com/crossdomain.xml ：

 ＆lt;交域政策＆GT;
     ＆LT;允许-HTTP请求报头，从域=*标题=授权＆GT;
      ＆LT; /让-HTTP请求报头，从＆GT;
＆LT; /跨域策略＆GT;
 

这变化将提供相同的安全权限闪存API比使用Javascript。

可以在其上的谷歌驱动器SDK团队对此有何评论？

CORS适用于大多数业务与谷歌驱动器API。当你正确地说，你可以使用谷歌的JavaScript客户端，并使用ExternalInterface的。我可能会preFER这种解决方案，现在取决于正是你在做什么。

I need to create a flash web app connecting to Google Drive SDK to retrieve a public binary file but I am facing cross domain security issues.

I am able to do it in javascript using cross-site xmlhttprequest with CORS. In AS3, a crossdomain.xml file is requested on docs.google.com. However the current settings don't let flash access the file.

The solution I have as of now is to get the data using javascript and send it to the swf using ExternalInterface.

Is there any better solution (proxy is not an option in my case)?

Edit: it seems that the ideal solution will be to grant access to authorization headers in https://docs.google.com/crossdomain.xml :

<cross-domain-policy>
     <allow-http-request-headers-from domain="*" headers="Authorization">
      </allow-http-request-headers-from>
</cross-domain-policy>

This change will give the same security rights to Flash API than Javascript.

Can the google drive sdk team comment on it?

CORS works for most operations with the Google Drive API. As you rightly say, you can use the Google JavaScript Client and use ExternalInterface. I would probably prefer this solution right now depending on exactly what you are doing.