<param name="allowScriptAccess" value="sameDomain" /> seems to be broken

See https://groups.google.com/forum/#!topic/twitch-api/0XXwHUYO8Vo for context as to why im using value=“sameDomain”.


I was using this param value when I embed streams:

param name=“allowScriptAccess” value=“sameDomain”

to open a new tab when redirecting to the twitch.tv/channel,

However, this hack doesn’t seem to work anymore and I would like some closure or insight as to why.

I came here for the same reason. As a good practice, I never give Flash objects access to my own page. They should generally not need it and it protects me in the event Twitch is compromised. With allowScriptAccess=always, if an attacker gained access to Twitch’s player they could use it as a vector into anybody’s site.

Why does the new player require elevated permissions now? It puts third-party websites at risk for no apparent benefit.

You could always use the IFrame embed player, http://www.twitch.tv/CHANNEL/embed, if you’re worried about sandboxing.

I’d love to but it doesn’t seem to be available for VODs. Is there a way to embed VODs via an iframe?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.