allowScriptAccess and allowNetworking(/credentialAllowList) are security-critical Ruffle settings; we should have a convenient Flash test case to ensure that they’re working. And maybe even put Ruffle in a sandboxed iframe, because its sparse security-related documentation is kind of worrying. Thankfully, it’s click-to-load.
allowScriptAccess
andallowNetworking
(/credentialAllowList
) are security-critical Ruffle settings; we should have a convenient Flash test case to ensure that they’re working. And maybe even put Ruffle in a sandboxed iframe, because its sparse security-related documentation is kind of worrying. Thankfully, it’s click-to-load.