Table of Contents
Advertisement
When policy files were first introduced in Flash Player 6, there was no support for socket
policy files. Connections to socket servers were authorized by a policy file from the default
location of the cross-domain policy file on an HTTP server on port 80 of the same host as the
socket server. To make it possible to preserve existing server arrangements, Flash Player 9 still
supports this capability. However, Flash Player's default is now to retrieve a socket policy file
on the same port as the socket connection. If you wish to use an HTTP-based policy file to
authorize a socket connection, you must explicitly request the HTTP policy file using code
such as the following:
Security.loadPolicyFile("http://socketServerHost.com/crossdomain.xml")
In addition, in order to authorize socket connections, an HTTP policy file must come only
from the default location of the cross-domain policy file, and not from any other HTTP
location. A policy file obtained from an HTTP server implicitly authorizes socket access to all
ports 1024 and above; any
For more information on socket policy files, see
Preloading policy files
Loading data from a server or connecting to a socket is an asynchronous operation, and Flash
Player simply waits for the cross-domain policy file to finish downloading before it begins the
main operation. However, extracting pixel data from images or extracting sample data from
sounds is a synchronous operation—the cross-domain policy file must load before you can
extract data. When you load the media, you need to specify that it check for a cross-domain
policy file:
When using the
■
Loader.load()
parameter, which is a LoaderContext object.
context
When embedding an image in a text field using the
■
attribute of the
<img>
"true" src = "example.jpg">
When using the
Sound.load()
■
parameter, which is a SoundLoaderContext object.
context
When using the NetStream class, set the
■
object.
When you set one of these parameters, Flash Player first checks for any policy files that it
already has downloaded for that domain. Then it considers any pending calls to the
Security.loadPolicyFile()
are. Then it looks for the cross-domain policy file in the default location on the server.
attributes in an HTTP policy file are ignored.
to-ports
method, set the
tag to
, as in the following:
"true"
.
method, set the
checkPolicyFile
method to see if they are in scope, and waits for those if they
"Connecting to sockets" on page
checkPolicyFile
tag, set the
<img>
<img checkPolicyFile =
checkPolicyFile
property of the NetStream
Overview of permission controls
477.
property of the
checkPolicyFile
property of the
459
Advertisement
Chapters
Table of Contents
