Table of Contents
Advertisement
For example, a policy file located at https://www.macromedia.com:8080/crossdomain.xml
applies only to data loading calls made to www.macromedia.com over HTTPS at port 8080.
An exception to this rule is the use of an XMLSocket object to connect to a socket server in
another domain. In that case, an HTTP server running on port 80 in the same domain as the
socket server must provide the policy file for the method call.
An XML policy file contains a single
zero or more
<allow-access-from>
attribute,
, which specifies either an exact IP address, an exact domain, or a wildcard
domain
domain (any domain). Wildcard domains are indicated by either a single asterisk (
matches all domains and all IP addresses, or an asterisk followed by a suffix, which matches
only those domains that end with the specified suffix. Suffixes must begin with a dot.
However, wildcard domains with suffixes can match domains that consist of only the suffix
without the leading dot. For example, foo.com is considered to be part of *.foo.com.
Wildcards are not allowed in IP domain specifications.
If you specify an IP address, access is granted only to SWF files loaded from that IP address
using IP syntax (for example, http://65.57.83.12/flashmovie.swf ), not those loaded using
domain-name syntax. Flash Player does not perform DNS resolution.
The following example shows a policy file that permits access to Flash documents that
originate from foo.com, www.friendOfFoo.com, *.foo.com, and 105.216.0.40, from a Flash
document on foo.com:
<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="www.friendOfFoo.com" />
<allow-access-from domain="*.foo.com" />
<allow-access-from domain="105.216.0.40" />
</cross-domain-policy>
You can also permit access to documents originating from any domain, as shown in the
following example:
<?xml version="1.0"?>
<!-- http://www.foo.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
Each
<allow-access-from>
attribute defaults to
true
HTTPS server, and you want to allow SWF files on an HTTP server to load data from the
HTTPS server.
Setting the
attribute to
secure
<cross-domain-policy>
tags. Each
tag also has the optional
. You can set the attribute to
could compromise the security offered by HTTPS.
false
Server-side policy files for permitting access to data
tag, which, in turn, contains
<allow-access-from>
attribute. The
secure
if your policy file is on an
false
tag contains an
), which
*
secure
703
Hide quick links:
Advertisement
Table of Contents
Need help?
Do you have a question about the FLASH 8-LEARNING ACTIONSCRIPT 2.0 IN FLASH and is the answer not in the manual?