User Guide
384 Networking and Communication
Connecting to SWF documents in different domains
To allow communications only from specific domains, you call the allowDomain() or
allowInsecureDomain() method of the LocalConnection class and pass a list of one or more
domains that are allowed to access this LocalConnection object.
In earlier versions of ActionScript,
LocalConnection.allowDomain() and
LocalConnection.allowInsecureDomain() were callback methods that had to be
implemented by developers and that had to return a Boolean value. In ActionScript 3.0,
LocalConnection.allowDomain() and LocalConnection.allowInsecureDomain() are
both built-in methods, which developers can call just like
Security.allowDomain() and
Security.allowInsecureDomain(), passing one or more names of domains to be allowed.
There are two special values that you can pass to the
LocalConnection.allowDomain() and
LocalConnection.allowInsecureDomain() methods: * and localhost. The asterisk value
(*) allows access from all domains. The string localhost allows calls to the SWF file from
SWF files that are locally installed.
Flash Player 8 introduced security restrictions on local SWF files. A SWF file that is allowed
to access the Internet cannot also have access to the local file system. If you specify
localhost, any local SWF file can access the SWF file. If the LocalConnection.send()
method attempts to communicate with a SWF file from a security sandbox to which the
calling code does not have access, a
securityError event
(SecurityErrorEvent.SECURITY_ERROR) is dispatched. To work around this error, you can
specify the caller's domain in the receiver's
LocalConnection.allowDomain() method.
If you implement communication only between SWF files in the same domain, you can
specify a
connectionName parameter that does not begin with an underscore (_) and does not
specify a domain name (for example,
myDomain:connectionName). Use the same string in the
LocalConnection.connect(connectionName) command.