Understanding Security
The opposite situation can also occur; that is, you might create a child SWF file that wants to
allow its parent to script it, but doesn’t know what the domain of its parent SWF file will be
(meaning, it’s a SWF file that might be loaded by a variety of domains). In this situation, call
System.security.allowDomain(_parent._url) from the child SWF file. You don’t have
to wait for the parent SWF file to load because it is loaded before the child file loads.
The following table summarizes domain-matching rules in different versions of Flash Player:

| Files published for Flash Player | Cross-domain access between SWF files (allowDomain() is needed) | Subdomain access between SWF files |
| --- | --- | --- |
| 5 or earlier | No restrictions | No restrictions |
| 6 | Superdomain matching: allowDomain() is needed if superdomains do not match. | No restrictions |
| 7 and later | Exact domain matching. Explicit permission for HTTPS-hosted files to access HTTP- or FTP-hosted files. | Exact domain matching. Explicit permission for HTTPS-hosted files to access HTTP- or FTP-hosted files. |

The versions that control the behavior of Flash Player are SWF file versions (the specified
Flash Player version of a SWF file), not the version of Flash Player itself. For example, when
Flash Player 8 is playing a SWF file published for version 7, Flash Player applies behavior that
is consistent with version 7. This practice ensures that player upgrades do not change the
behavior of System.security.allowDomain() in deployed SWF files.
NOTE
If the Internet SWF file being accessed is loaded from an HTTPS URL, the Internet SWF
file must call System.security.allowInsecureDomain("*").
NOTE
You need System.security.allowInsecureDomain in Flash Player 7 and later if you are
performing HTTP-to-HTTPS access, even if you have exact-domain matching.
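
The domain-matching rules in the table, written as a small JavaScript model for auditing which permission call a deployed SWF needs. This is an added example, not Macromedia's code or Flash Player's implementation. The names requiredCall and superdomain, the return strings, and the superdomain rule (last two host labels) are assumptions; the HTTPS handling follows the two NOTEs on this page.

```javascript
// Added model of the table's rules; not Flash Player code.

// Assumption: a host's "superdomain" is its last two labels,
// so www.example.com and store.example.com both give example.com.
function superdomain(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

// swfVersion: the version the SWF file was published for
//             (the table's first column), not the player version.
// accessorUrl: URL of the SWF that wants to script the other file.
// accessedUrl: URL of the SWF being scripted.
// Returns "none", "allowDomain" or "allowInsecureDomain": the call the
// accessed SWF has to make before the access is permitted.
function requiredCall(swfVersion, accessorUrl, accessedUrl) {
  const from = new URL(accessorUrl);
  const to = new URL(accessedUrl);
  const fromHost = from.hostname.toLowerCase();
  const toHost = to.hostname.toLowerCase();

  // Published for 5 or earlier: no restrictions.
  if (swfVersion <= 5) {
    return "none";
  }

  // Published for 6: superdomain matching, subdomains unrestricted.
  if (swfVersion === 6) {
    return superdomain(fromHost) === superdomain(toHost)
      ? "none"
      : "allowDomain";
  }

  // Published for 7 and later: a non-HTTPS file reaching an HTTPS-loaded
  // file needs allowInsecureDomain(), even when the domains match exactly.
  if (to.protocol === "https:" && from.protocol !== "https:") {
    return "allowInsecureDomain";
  }

  // Otherwise exact domain matching applies, subdomains included.
  return fromHost === toHost ? "none" : "allowDomain";
}
```

Running the same pair of URLs through versions 6 and 7 shows why republishing an old SWF for a newer version can break subdomain scripting that previously needed no permission call.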