Unlimited logo can be loaded from anywhere even when deploying from Service Domain

google-code-export / flowplayer-core

Automatically exported from code.google.com/p/flowplayer-core

2 stars 0 forks source link

Unlimited logo can be loaded from anywhere even when deploying from Service Domain #532

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago

What steps will reproduce the problem?
1. Sample: http://flowplayer.blacktrash.org/test/unlimited-logo.html

What is the expected output? What do you see instead?
Expected: logo can only be loaded from Service Domain
Instead: logo can be loaded from anywhere

See also issue531 - this might also be a regression, although I don't have 
3.2.7 for comparison.

Isn't that a security risk? Intentional?

Original issue reported on code.google.com by blacktrashproduct on 30 Apr 2012 at 8:45

GoogleCodeExporter commented 9 years ago

well, at least anyone who knows the URL of an unlimited player could "steal" 
the lincese and add his own branding.

Original comment by stylebit...@gmail.com on 1 May 2012 at 7:16