User Guide

ManualsBrandsMacromedia ManualsOtherFLASH MX 2004-USING ACTIONSCRIPT IN FLASH

281

282

283

284

285

286

287

288

289

290

290 Chapter 11: Working with External Data

Now the getData function in the loaded SWF file can be called by the macromedia.swf file.

Notice that

allowDomain permits any SWF file in the allowed domain to script any other SWF

file in the domain permitting the access, unless the SWF file being accessed is hosted on a site

using a secure protocol (HTTPS). In this case, you must use

allowInsecureDomain instead of

allowDomain; see the following section.

For more information on domain-name matching, see “Flash Player security features”

on page 288.

About allowing HTTP to HTTPS protocol access between SWF files

As discussed in the previous section, you must use an

allowDomain handler or method to permit

a SWF file in one domain to be accessed by a SWF file in another domain.However, if the SWF

file being accessed is hosted at a site that uses a secure protocol (HTTPS), the

allowDomain

handler or method doesn’t permit access from a SWF file hosted at a site that uses an insecure

protocol. To permit such access, you must use the

LocalConnection.allowInsecure Domain()

System.security.allowInsecureDomain() statements.

For example, if the SWF file at https://www.someSite.com/data.swf must allow access by a SWF

file at http://www.someSite.com, the following code added to data.swf allows this access:

// Within data.swf

System.security.allowInsecureDomain("www.someSite.com");

my_lc.allowInsecureDomain = function(sendingDomain) {

return(sendingDomain=="www.someSite.com");

}

About allowing cross-domain data loading

A Flash document can load data from an external source by using one of the following data

loading calls:

XML.load(), XML.sendAndLoad(), LoadVars.load(),

LoadVars.sendAndLoad(), loadVariables(), loadVariablesNum(). Also, a SWF file can

import runtime shared libraries, or assets defined in another SWF file, at runtime. By default, the

data or SWF media, in the case of runtime shared libraries, must reside in the same domain as the

SWF file that is loading that external data or media.

To make data and assets in runtime shared libraries available to SWF files in different domains,

use a cross-domain policy file. A cross-domain policy file is an XML file that provides a way for the

server to indicate that its data and documents are available to SWF files served from certain

domains or from all domains. Any SWF file that is served from a domain specified by the server’s

policy file will be permitted to access data or assets from that server.

When a Flash document attempts to access data from another domain, Flash Player automatically

attempts to load a policy file from that domain. If the domain of the Flash document that is

attempting to access the data is included in the policy file, the data is automatically accessible.

Policy files must be named crossdomain.xml, and can reside either at the root directory or in

another directory on the server that is serving the data with some additional ActionScript (see

“About custom policy file locations” on page 292). Policy files function only on servers that

communicate over HTTP, HTTPS, or FTP. The policy file is specific to the port and protocol of

the server where it resides.