Specifications
CHAPTER 3
• Loading SWF file’s sandbox. To load an asset from a network address, you must ensure that your SWF file is
in either the remote or local-with-networking sandbox. To ensure that a SWF file can load assets over the network,
you must set the use-network compiler option to true when you compile the Flex application. This is the default.
If the application was loaded from the local file system with use-network set to false, the application is put in
the local-with-filesystem sandbox and it cannot load remote SWF files.
Loading assets from a remote location that you do not control can potentially expose your users to risks. For
example, the remote website B contains a SWF file that is loaded by your website A. This SWF file normally
displays an advertisement. However, if website B is compromised and its SWF file is replaced with one that asks
for a username and password, some users might disclose their login information. To prevent data submission, the
loader has a property called allowNetworking with a default value of never.
Using cross-domain policy files
To make data available to SWF files in different domains, use a cross-domain policy file. A cross-domain policy file
is an XML file that provides a way for the server to indicate that its data and documents are available to SWF files
served from other domains. Any SWF file that is served from a domain that the server’s policy file specifies is
permitted to access data or assets from that server.
When a Flash document attempts to access data from another domain, Flash Player attempts to load a policy file
from that domain. If the domain of the Flash document that is attempting to access the data is included in the
policy file, the data is automatically accessible.
The default policy file is named crossdomain.xml and resides at the root directory of the server that is serving the
data. The following example policy file permits access to Flash documents that originate from foo.com,
friendOfFoo.com, *.foo.com, and 105.216.0.40:
<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
    <allow-access-from domain="www.friendOfFoo.com"/>
    <allow-access-from domain="*.foo.com"/>
    <allow-access-from domain="105.216.0.40"/>
</cross-domain-policy>
You can also configure ports in the crossdomain.xml file. For more information about crossdomain.xml policy
files, see Programming ActionScript 3.0.
You can use the loadPolicyFile() method to access a nondefault policy file.
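The following audit script is an added example, not part of the original documentation or of Flash Player. It parses a crossdomain.xml policy, reports entries that grant broad access, and checks whether a given host is covered. The function names, the constructed OPEN_POLICY sample, and the matching rule (case-insensitive, with *.foo.com covering foo.com and its subdomains) are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Policy file from the example above.
PAGE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="www.friendOfFoo.com"/>
    <allow-access-from domain="*.foo.com"/>
    <allow-access-from domain="105.216.0.40"/>
</cross-domain-policy>"""
# Constructed sample: a policy that trusts every domain.
OPEN_POLICY = '<cross-domain-policy><allow-access-from domain="*"/></cross-domain-policy>'

def allowed_domains(policy_xml):
    """Return the domain attribute of every allow-access-from element."""
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return [e.get("domain", "").strip().lower()
            for e in root.iter("allow-access-from")]

def classify(entry):
    """Label an entry as allow-all, ip, wildcard (*.name) or host."""
    if entry == "*":
        return "allow-all"
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        return "wildcard" if entry.startswith("*.") else "host"

def permits(policy_xml, host):
    """Simplified matcher (an assumption, not Flash Player's own logic)."""
    host = host.lower()
    for entry in allowed_domains(policy_xml):
        kind = classify(entry)
        if kind == "allow-all" or (kind in ("host", "ip") and host == entry):
            return True
        # "*.foo.com" covers foo.com and any name ending in ".foo.com"
        if kind == "wildcard" and (host == entry[2:] or host.endswith(entry[1:])):
            return True
    return False

def findings(policy_xml):
    """List (entry, reason) pairs for entries that deserve review."""
    reasons = {"allow-all": "SWF files from any domain can read this server's data",
               "wildcard": "every subdomain is trusted; confirm who controls them"}
    return [(e, reasons[classify(e)]) for e in allowed_domains(policy_xml)
            if classify(e) in reasons]
```

Running findings() against each deployed policy file before release gives a short list of the entries that widen access beyond explicitly named hosts.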










