MACROMEDIA FLASH MX 2004 - ACTIONSCRIPT Reference Manual page 190

About allowing HTTP to HTTPS protocol access between SWF files
As discussed in the previous section, you must use an
a SWF file in one domain to be accessed by a SWF file in another domain. However, if the SWF
being accessed is hosted at a site that uses a secure protocol (HTTPS), the
or method doesn't permit access from a SWF file hosted at a site that uses an insecure protocol. To
permit such access, you must use the
System.security.allowInsecureDomain()
For example, if the SWF file at https://www.someSite.com/data.swf must allow access by a SWF
file at http://www.someSite.com, the following code added to data.swf allows such access:
// Within data.swf
System.security.allowInsecureDomain("www.someSite.com");
my_lc.allowInsecureDomain = function(sendingDomain) {
return(sendingDomain=="www.someSite.com");
}
About allowing cross-domain data loading
A Flash document can load data from an external source by using one of the following data
loading calls:
XML.load()
LoadVars.sendAndLoad()
import runtime shared libraries, or assets defined in another SWF file, at runtime. By default, the
data or SWF media, in the case of runtime shared libraries, must reside in the same domain as the
SWF that is loading that external data or media.
To make data and assets in runtime shared libraries available to SWF files in different domains,
use a cross-domain policy file. A cross-domain policy file is an XML file that provides a way for the
server to indicate that its data and documents are available to SWF files served from certain
domains, or from all domains. Any SWF file that is served from a domain specified by the server's
policy file will be permitted to access data or assets from that server.
When a Flash document attempts to access data from another domain, Flash Player automatically
attempts to load a policy file from that domain. If the domain of the Flash document that is
attempting to access the data is included in the policy file, the data is automatically accessible.
Policy files must be named crossdomain.xml and reside at the root directory of the server that is
serving the data. Policy files function only on servers that communicate over HTTP, HTTPS, or
FTP. The policy file is specific to the port and protocol of the server where it resides.
For example, a policy file located at https://www.macromedia.com:8080/crossdomain.xml will
apply only to data loading calls made to www.macromedia.com over HTTPS at port 8080.
An exception to this rule is the use of an XMLSocket object to connect to a socket server in
another domain. In that case, an HTTP server running on port 80 in the same domain as the
socket server must provide the policy file for the method call.
190 Chapter 10: Working with External Data
LocalConnection.allowInsecure Domain()
statements.
,
XML.sendAndLoad()
, ,
loadVariables()
handler or method to permit
allowDomain
, ,
LoadVars.load()
loadVariablesNum()
handler
allowDomain
or
. Also, a SWF file can