MACROMEDIA FLASH MX 2004-USING ACTIONSCRIPT IN FLASH Use Manual page 290

Now the
getData
Notice that
allowDomain
file in the domain permitting the access, unless the SWF file being accessed is hosted on a site
using a secure protocol (HTTPS). In this case, you must use
; see the following section.
allowDomain
For more information on domain-name matching, see
on page 288.
About allowing HTTP to HTTPS protocol access between SWF files
As discussed in the previous section, you must use an
a SWF file in one domain to be accessed by a SWF file in another domain.However, if the SWF
file being accessed is hosted at a site that uses a secure protocol (HTTPS), the
handler or method doesn't permit access from a SWF file hosted at a site that uses an insecure
protocol. To permit such access, you must use the
or
System.security.allowInsecureDomain()
For example, if the SWF file at https://www.someSite.com/data.swf must allow access by a SWF
file at http://www.someSite.com, the following code added to data.swf allows this access:
// Within data.swf
System.security.allowInsecureDomain("www.someSite.com");
my_lc.allowInsecureDomain = function(sendingDomain) {
return(sendingDomain=="www.someSite.com");
}
About allowing cross-domain data loading
A Flash document can load data from an external source by using one of the following data
loading calls:
XML.load()
LoadVars.sendAndLoad()
import runtime shared libraries, or assets defined in another SWF file, at runtime. By default, the
data or SWF media, in the case of runtime shared libraries, must reside in the same domain as the
SWF file that is loading that external data or media.
To make data and assets in runtime shared libraries available to SWF files in different domains,
use a cross-domain policy file. A cross-domain policy file is an XML file that provides a way for the
server to indicate that its data and documents are available to SWF files served from certain
domains or from all domains. Any SWF file that is served from a domain specified by the server's
policy file will be permitted to access data or assets from that server.
When a Flash document attempts to access data from another domain, Flash Player automatically
attempts to load a policy file from that domain. If the domain of the Flash document that is
attempting to access the data is included in the policy file, the data is automatically accessible.
Policy files must be named crossdomain.xml, and can reside either at the root directory or in
another directory on the server that is serving the data with some additional ActionScript (see
"About custom policy file locations" on page
communicate over HTTP, HTTPS, or FTP. The policy file is specific to the port and protocol of
the server where it resides.
290 Chapter 11: Working with External Data
function in the loaded SWF file can be called by the macromedia.swf file.
permits any SWF file in the allowed domain to script any other SWF
,
XML.sendAndLoad()
,
loadVariables()
allowInsecureDomain
"Flash Player security features"
allowDomain
LocalConnection.allowInsecure Domain()
statements.
,
LoadVars.load()
,
loadVariablesNum()
292). Policy files function only on servers that
instead of
handler or method to permit
allowDomain
,
. Also, a SWF file can