See https://groups.google.com/forum/#!topic/twitch-api/0XXwHUYO8Vo for context as to why im using value=“sameDomain”.
Problem:
I was using this param value when I embed streams:
param name=“allowScriptAccess” value=“sameDomain”
to open a new tab when redirecting to the twitch.tv/channel,
However, this hack doesn’t seem to work anymore and I would like some closure or insight as to why.
I came here for the same reason. As a good practice, I never give Flash objects access to my own page. They should generally not need it and it protects me in the event Twitch is compromised. With allowScriptAccess=always, if an attacker gained access to Twitch’s player they could use it as a vector into anybody’s site.
Why does the new player require elevated permissions now? It puts third-party websites at risk for no apparent benefit.
You could always use the IFrame embed player, http://www.twitch.tv/CHANNEL/embed, if you’re worried about sandboxing.
I’d love to but it doesn’t seem to be available for VODs. Is there a way to embed VODs via an iframe?
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.