Table of Contents
Advertisement
If data to be loaded is on a HTTPS server, but the SWF file loading it is on an HTTP server,
Adobe recommends that you move the loading SWF file to an HTTPS server so that you can
keep all copies of your secure data under the protection of HTTPS. However, if you decide
that you must keep the loading SWF file on an HTTP server, add the
attribute to the
<allow-access-from>
<allow-access-from domain="www.example.com" secure="false" />
A policy file that contains no
policy on a server.
Socket policy files
ActionScript objects instantiate two different kinds of server connections: document-based
server connections and socket connections. ActionScript objects like Loader, Sound,
URLLoader, and URLStream instantiate document-based server connections, and these each
load a file from a URL. ActionScript Socket and XMLSocket objects make socket
connections, which operate with streaming data, not loaded documents. Flash Player supports
two kinds of policy files: document-based policy files and socket policy files. Document-based
connections require document-based policy files, while socket connections require socket
policy files.
Flash Player requires that a policy file be transmitted using the same kind of protocol that the
attempted connection wishes to use. For example, when you place a policy file on your HTTP
server, SWF files from other domains are allowed to load data from it as an HTTP server.
However, by not providing a socket policy file at the same server, you are forbidding SWF files
from other domains to connect to the server at the socket level. The means by which a socket
policy file is retrieved must match the means of connecting.
A policy file served by a socket server has the same syntax as any other policy file, except that
it must also specify the ports to which it grants access. When a policy file comes from a port
number that is less than 1024, it may grant access to any ports; when a policy file comes from
port 1024 or higher, it may only grant access to ports 1024 and higher. The allowed ports are
specified in a
to-ports
port ranges, and wildcards are accepted values.
Here is an example XMLSocket policy file:
<cross-domain-policy>
<allow-access-from domain="*" to-ports="507" />
<allow-access-from domain="*.example.com" to-ports="507,516" />
<allow-access-from domain="*.example2.com" to-ports="516-523" />
<allow-access-from domain="www.example2.com" to-ports="507,516-523" />
<allow-access-from domain="www.example3.com" to-ports="*" />
</cross-domain-policy>
458
Flash Player Security
tag, as shown in the following code:
<allow-access-from>
attribute in the
<allow-access-from>
secure="false"
tags has the same effect as not having a
tag. Single port numbers,
Advertisement
Chapters
Table of Contents
