User Guide

292 Chapter 11: Working with External Data
A policy file that contains no <allow-access-from> tags has the same effect as not having a
policy on a server.
About custom policy file locations
Flash Player 7 (7.0.19.0) supports a new method called System.security.loadPolicyFile.
This method lets you specify a custom location on a server where a cross-domain policy file can be
found, so it does not need to be in the root directory. Flash Player 7 (7.0.14.0) only searched for
policy files in the root location of a server, but it can be inconvenient for a site administrator to
place this file in the root directory. For more information on the loadPolicyFile method and
XMLSocket connections, see “About XMLSocket policy files” on page 293 and
System.security.loadPolicyFile in Flash ActionScript Language Reference.
If you use the loadPolicyFile method, a site administrator can place the policy file in any
directory, as long as the SWF files that need to use the policy file call loadPolicyFile to tell
Flash Player where the policy file is located. However, policy files not placed in the root directory
have a limited scope. The policy file only allows access to locations at or below its own level in the
server’s hierarchy.
The loadPolicyFile method is available only in Flash Player 7 (7.0.19.0) or greater. Authors of
SWF files using the loadPolicyFile method must do one of the following:
• Require Flash Player 7 (7.0.19.0) or later.
• Arrange for the site where the data is coming from to have a policy file in the default location
  (the root directory) as well as in the non-default location. Earlier versions of Flash Player will
  use the default location.
Otherwise, authors must build SWF files so that a failure of a cross-domain loading operation is
handled.
Caution: If your SWF file relies on loadPolicyFile, visitors with Flash Player 6 or earlier or Flash Player
7 (7.0.19.0) or later will not have problems. However, visitors with Flash Player 7 (7.0.14.0) will not
have support for loadPolicyFile.
If you want to use a policy file in a custom location on the server, you must call
System.security.loadPolicyFile before you make any requests that depend on the policy file,
such as the following:
// Register the custom policy file location first.
System.security.loadPolicyFile("http://www.foo.com/folder1/folder2/crossdomain.xml");
// This request falls within the scope of the policy file loaded above.
var my_xml:XML = new XML();
my_xml.load("http://www.foo.com/folder1/folder2/myData.xml");
You can load several policy files with overlapping scopes using loadPolicyFile. For all requests,
Flash Player tries to consult all the files whose scope includes the location of the request. If one
policy file fails to grant cross-domain access, another file is not prevented from granting access to
data. If all access attempts fail, Flash Player looks in the default location of the crossdomain.xml
file (in the root directory). The request fails if no policy file is found in the default location.
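
The scoping and fallback rules described above can be checked against a planned policy file layout with a small model. The following is an added example, not code from this guide and not Flash Player's implementation: the function names are hypothetical, and www.bar.com, www.trusted.example, and the policy contents are constructed sample data.

```javascript
// Model of the rules in the text: a policy file covers only locations at or
// below its own directory; every in-scope loaded file is consulted; the root
// crossdomain.xml is the last resort. Sample data is constructed.

// Directory holding the policy file, e.g. "/folder1/folder2/".
function policyScope(policyUrl) {
  const u = new URL(policyUrl);
  return { origin: u.origin, dir: u.pathname.slice(0, u.pathname.lastIndexOf("/") + 1) };
}

// True if the request is on the same server, at or below the policy's directory.
// new URL() resolves "../" segments, so traversal cannot widen a policy's scope.
function inScope(policyUrl, requestUrl) {
  const scope = policyScope(policyUrl);
  const req = new URL(requestUrl);
  return req.origin === scope.origin && req.pathname.startsWith(scope.dir);
}

// allow: domains listed in <allow-access-from> tags. An empty list grants nothing.
function grants(policy, swfDomain) {
  return policy.allow.some((d) => d === "*" || d === swfDomain);
}

// loaded: policies registered through loadPolicyFile.
// rootPolicy: the server's default /crossdomain.xml, or null if none exists.
function decide(loaded, rootPolicy, swfDomain, requestUrl) {
  const consulted = loaded.filter((p) => inScope(p.url, requestUrl));
  const hit = consulted.find((p) => grants(p, swfDomain));
  if (hit) return { allowed: true, via: hit.url };
  if (rootPolicy && inScope(rootPolicy.url, requestUrl) && grants(rootPolicy, swfDomain)) {
    return { allowed: true, via: rootPolicy.url };
  }
  return { allowed: false, via: null };
}

// Constructed layout: two overlapping custom policies plus a root policy.
const loaded = [
  { url: "http://www.foo.com/folder1/crossdomain.xml", allow: [] },
  { url: "http://www.foo.com/folder1/folder2/crossdomain.xml", allow: ["www.bar.com"] },
];
const root = { url: "http://www.foo.com/crossdomain.xml", allow: ["www.trusted.example"] };
```

Calling decide(loaded, root, "www.bar.com", url) for each data URL a SWF file will request shows which policy file, if any, would grant that request, and whether a subdirectory policy is being relied on for a location outside its scope.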