About domains, cross-domain security, and SWF files 699
Because Flash Player 7 and later versions implement exact-domain matching rules instead of
superdomain matching rules, you might have to modify existing scripts if you want to read
them from files that are published for Flash Player 7 or 8. (You can still publish the modified
files for Flash Player 6.) If you used any
LocalConnection.allowDomain() or
System.security.allowDomain() statements in your files and specified superdomain sites
to permit, you must change your parameters to specify exact domains instead. The following
example shows changes you might have to make if you have Flash Player 6 code:
// Flash Player 6 commands in a SWF file at www.anyOldSite.com
// to allow access by SWF files that are hosted at www.someSite.com
// or at store.someSite.com
System.security.allowDomain("someSite.com");
my_lc.allowDomain = function(sendingDomain) {
return(sendingDomain=="someSite.com");
}
// Corresponding commands to allow access by SWF files
// that are published for Flash Player 7 or later
System.security.allowDomain("www.someSite.com", "store.someSite.com");
my_lc.allowDomain = function(sendingDomain) {
return(sendingDomain=="www.someSite.com" ||
sendingDomain=="store.someSite.com");
}
You might also have to add statements such as these to your files if you aren’t currently using
them. For example, if your SWF file is hosted at www.someSite.com and you want to allow
access by a SWF file published for Flash Player 7 or later at store.someSite.com, you must add
statements such as the following example to the file at www.someSite.com (you can still
publish the file at www.someSite.com for Flash Player 6):
System.security.allowDomain("store.someSite.com");
my_lc.allowDomain = function(sendingDomain) {
return(sendingDomain=="store.someSite.com");
}
In addition, consider that if a Flash Player 6 application running in Flash Player 7 tries to
access data outside its exact domain, Flash Player 7 and later domain-matching rules are
enforced and the user is prompted to allow or deny access.
To summarize, you might have to modify your files to add or change
allowDomain statements
if you publish files for Flash Player 7 or later that meet the following conditions:
■ You implemented cross-SWF file scripting (see “Allowing data access between cross-
domain SWF files” on page 700).
■ The called SWF file (of any version) is not hosted at a site using a secure protocol
(HTTPS), or the calling and called SWF files are both hosted at HTTPS sites. (If only the
called SWF file is HTTPS, see “HTTP to HTTPS protocol access between SWF files”
on page 707.)
To Next Page
Loading...