User Guide

16 Chapter 1: What’s New in Flash MX 2004 ActionScript
In files published for Flash Player 5 or earlier, there were no restrictions on cross-domain or
subdomain access.
In files published for Flash Player 6, you could use the LocalConnection.allowDomain handler or
System.security.allowDomain() method to specify permitted cross-domain access (for
example, to let a file at someSite.com be accessed by a file at someOtherSite.com), and no
command was needed to permit subdomain access (for example, a file at www.someSite.com
could be accessed by a file at store.someSite.com).
Files published for Flash Player 7 implement access between SWF files differently from earlier
versions in two ways. First, Flash Player 7 implements exact-domain matching rules instead of
superdomain matching rules. Therefore, the file being accessed (even if it is published for a Player
version earlier than Flash Player 7) must explicitly permit cross-domain or subdomain access; this
topic is discussed in this section. Second, a file hosted at a site using a secure protocol (HTTPS)
must explicitly permit access from a file hosted at a site using an insecure protocol (HTTP or
FTP); this topic is discussed in the next section (see “HTTP to HTTPS protocol access between
SWF files” on page 18).
The following table summarizes domain-matching rules in different versions of Flash Player:
Because Flash Player 7 implements exact-domain matching rules instead of superdomain
matching rules, you might have to modify existing scripts if you want to access them from files
that are published for Flash Player 7. (You can still publish the modified files for Flash Player 6.)
If you used any LocalConnection.allowDomain() or System.security.allowDomain()
statements in your files and specified superdomain sites to permit, you must change your
parameters to specify exact domains instead. The following code shows an example of changes
you might have to make:
// Flash Player 6 commands in a SWF file at www.anyOldSite.com
// to allow access by SWF files that are hosted at www.someSite.com
// or at store.someSite.com
System.security.allowDomain("someSite.com");
my_lc.allowDomain = function(sendingDomain) {
    return(sendingDomain=="someSite.com");
}

// Corresponding commands to allow access by SWF files
// that are published for Flash Player 7
System.security.allowDomain("www.someSite.com", "store.someSite.com");
my_lc.allowDomain = function(sendingDomain) {
    return(sendingDomain=="www.someSite.com" ||
           sendingDomain=="store.someSite.com");
}
Files published for | Cross-domain access between SWF files | Subdomain access between SWF files
--- | --- | ---
Flash Player 5 or earlier | No restrictions | No restrictions
Flash Player 6 | Superdomain matching | No restrictions
Flash Player 7 | Exact domain matching. Explicit permission for HTTPS-hosted files to access HTTP- or FTP-hosted files | Exact domain matching. Explicit permission for HTTPS-hosted files to access HTTP- or FTP-hosted files
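The following JavaScript sketch is an added example, not code from this guide or from Flash Player. It models the two matching rules so that an allowDomain parameter list can be reviewed before republishing, and shows that a superdomain grant also admits subdomains that were never named. Assumptions: a superdomain is the last two labels of a host name, Flash Player 6 reduces both the granted name and the sender to it, and forums.someSite.com is a hypothetical host.

```javascript
// Simplified model of the matching rules described above (added example).
// Assumption: a host's superdomain is its last two labels.
function superdomain(host) {
  return host.split(".").slice(-2).join(".");
}

// Flash Player 6 rule (superdomain matching): grant and sender are
// compared after both are reduced to their superdomain (assumed).
function allowedPlayer6(grants, sender) {
  return grants.some((g) => superdomain(g) === superdomain(sender));
}

// Flash Player 7 rule (exact-domain matching): the sender's full host
// name must equal one of the granted names.
function allowedPlayer7(grants, sender) {
  return grants.includes(sender);
}

// For each sender, report the decision under both rules.
function compareRules(grants, senders) {
  return senders.map((sender) => ({
    sender,
    player6: allowedPlayer6(grants, sender),
    player7: allowedPlayer7(grants, sender),
  }));
}

// Constructed sample senders; forums.someSite.com is hypothetical.
const senders = [
  "www.someSite.com",
  "store.someSite.com",
  "forums.someSite.com",
  "www.someOtherSite.com",
];

// Parameter lists taken from the code example on this page.
const oldGrant = ["someSite.com"];
const newGrant = ["www.someSite.com", "store.someSite.com"];

// The old grant admits every someSite.com host under the Player 6 rule
// and no host at all under the Player 7 rule.
console.table(compareRules(oldGrant, senders));
// The exact list admits only the two named hosts under the Player 7 rule.
console.table(compareRules(newGrant, senders));
```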