User Guide

18 Chapter 1: What’s New in Flash MX 2004 ActionScript
HTTP to HTTPS protocol access between SWF files
As discussed in the previous section, rules for cross-domain and subdomain access have changed
in Flash Player 7. In addition to the exact-domain matching rules now being implemented, you
must explicitly permit files hosted at sites using a secure protocol (HTTPS) to be accessed by files
hosted at sites using an insecure protocol. Depending on whether the called file is published for
Flash Player 7 or 6, you must either implement one of the allowDomain statements (see
“Cross-domain and subdomain access between SWF files” on page 15) or use the new
LocalConnection.allowInsecureDomain or System.security.allowInsecureDomain()
statements.
Warning: Implementing an allowInsecureDomain() statement compromises the security offered
by the HTTPS protocol. You should make these changes only if you can’t reorganize your site so that
all SWF files are served from the HTTPS protocol.
The following code shows an example of the changes you might have to make:
// Commands in a Flash Player 6 SWF file at https://www.someSite.com
// to allow access by Flash Player 7 SWF files that are hosted
// at http://www.someSite.com or at http://www.someOtherSite.com
System.security.allowDomain("someOtherSite.com");
my_lc.allowDomain = function(sendingDomain) {
    return(sendingDomain=="someOtherSite.com");
}

// Corresponding commands in a Flash Player 7 SWF file
// to allow access by Flash Player 7 SWF files that are hosted
// at http://www.someSite.com or at http://www.someOtherSite.com
System.security.allowInsecureDomain("www.someSite.com", "www.someOtherSite.com");
my_lc.allowInsecureDomain = function(sendingDomain) {
    return(sendingDomain=="www.someSite.com" ||
           sendingDomain=="www.someOtherSite.com");
}
You might also have to add statements such as these to your files if you aren’t currently using
them. A modification might be necessary even if both files are in the same domain (for example,
a file in http://www.domain.com is calling a file in https://www.domain.com).
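The rule above, for a called file that is served over HTTPS and published for Flash Player 7, written out as a small JavaScript model. This is an added example, not code from the original guide and not Flash Player's implementation; checkAccess and the layout of the policy object are hypothetical, and the model assumes that a cross-domain HTTPS caller is matched against the allowDomain list only.

```javascript
// Simplified model (assumption-based, not Flash Player's implementation) of the
// check for a called SWF served over HTTPS and published for Flash Player 7.
// checkAccess and the policy object layout are hypothetical names.
function checkAccess(callerUrl, calledUrl, policy) {
  const caller = new URL(callerUrl);
  const called = new URL(calledUrl);
  if (called.protocol !== "https:") {
    throw new Error("this model only covers a called file served over HTTPS");
  }
  const host = caller.hostname; // URL parsing lowercases the host name
  // Exact domain-name matching: "someSite.com" does not cover "www.someSite.com".
  const listed = (list) => (list || []).some((d) => d.toLowerCase() === host);

  if (caller.protocol !== "https:") {
    // Caller not on HTTPS, called file on HTTPS: the insecure opt-in is
    // required, even when both files are in the same domain.
    return listed(policy.allowInsecureDomain)
      ? { allowed: true, reason: "caller listed in allowInsecureDomain" }
      : { allowed: false, reason: "insecure caller not listed in allowInsecureDomain" };
  }
  if (host === called.hostname) {
    return { allowed: true, reason: "same domain, both files on HTTPS" };
  }
  // Assumption: a cross-domain HTTPS caller is checked against allowDomain only.
  return listed(policy.allowDomain)
    ? { allowed: true, reason: "caller listed in allowDomain" }
    : { allowed: false, reason: "cross-domain caller not listed in allowDomain" };
}

// Constructed sample cases that reuse the host names from the guide's example.
const CALLED_URL = "https://www.someSite.com/called.swf";
const SAMPLE_CASES = [
  ["http://www.someSite.com/caller.swf", {}],
  ["http://www.someSite.com/caller.swf", { allowDomain: ["www.someSite.com"] }],
  ["http://www.someSite.com/caller.swf", { allowInsecureDomain: ["someSite.com"] }],
  ["http://www.someSite.com/caller.swf", { allowInsecureDomain: ["www.someSite.com"] }],
  ["https://www.someOtherSite.com/caller.swf", { allowDomain: ["www.someOtherSite.com"] }],
];
for (const [callerUrl, policy] of SAMPLE_CASES) {
  const r = checkAccess(callerUrl, CALLED_URL, policy);
  console.log(callerUrl, JSON.stringify(policy), "->", r.allowed, "(" + r.reason + ")");
}
```

Only the fourth and fifth sample cases are allowed: the first three show that a same-domain HTTP caller is refused without the insecure opt-in, that allowDomain does not substitute for it, and that a listing without the exact host name does not match.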
To summarize, you might have to modify your files to add or change statements if you publish
files for Flash Player 7 that meet the following conditions:
• You implemented cross-SWF scripting (using loadMovie(), MovieClip.loadMovie(),
  MovieClipLoader.loadClip(), or LocalConnection objects).
• The calling file is not hosted using an HTTPS protocol, and the called file is HTTPS.
You must make the following changes:
• If the called file is published for Flash Player 7, include
  System.security.allowInsecureDomain or LocalConnection.allowInsecureDomain in
  the called file, using exact domain-name matching, as shown in the code examples earlier in
  this section. This statement is required even if the calling and called SWF files are in
  the same domain.