Manualshelf

Specifications

ManualsBrandsApache ManualsGadgetsMP3-341
201202203204205206207208209210
CHAPTER 10
204
About cross-domain RSLs
Cross-domain RSLs can be used by applications in any domain or sub-domain. The benefits of cross-domain RSLs
are the same as standard RSLs, but they are not restricted to being in the same domain as the application that loads
them. This lets you use the same RSL in multiple applications that are in different domains.
To use a cross-domain RSL that is located on a remote server, the remote server must have a crossdomain.xml file
that allows access from the applications domain. The easiest way to do this is to add a crossdomain.xml file to the
servers root. To ensure that applications from any domain can access the RSL SWF file, you can use an open cross-
domain.xml file such as the following:
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>
This is not a best practice, however, because it allows requests from any domain to load the RSL, and other assets,
from your server. You should instead restrict requests to only those domains that you trust by narrowing the
entries in the
domain attribute. For more information, see “Using cross-domain policy files” on page 40.
You can store the crossdomain.xml file anywhere on the target server. When you compile a cross-domain RSL,
you can specify the location of the crossdomain.xml file, and the application will look to that location to get
permission to load the RSL. If you do not specify the location of the crossdomain.xml file when you compile your
application, the application looks in the servers root directory by default.
Cross-domain RSLs can fail to load into a Flex application under the following conditions:
The server on which the RSL is located fails
The network fails, so remote files cannot be loaded
The digest of the RSL when the application was compiled does not match the digest of the RSL when it is
loaded
The crossdomain.xml file is absent from the RSLs server
Cross-domain RSLs support a backup mechanism where a failover RSL can be loaded in the case of a server
failure. If the server on which the main RSL fails, Flash Player will try to load a failover RSL whose location you
specify when you compile the application.
About RSL digests
To ensure that the cross-domain RSL is coming from the trusted party, Flash Player reads the bytes of the
incoming RSL and computes a one-way hash, or digest. The digest must match the digest that was stored in the
application at compile time when the application was linked to the cross-domain RSL. If the RSLs digest matches
the known digest, then Flash Player loads the cross-domain RSL. If the digests do not match, Flash Player displays
an error message and does not load the RSL.