Server-side policy files for permitting access to data 705
If you want to use a policy file in a custom location on the server, you must call
System.security.loadPolicyFile before you make any requests that depend on the policy
file, such as the following:
System.security.loadPolicyFile("http://www.foo.com/folder1/folder2/
crossdomain.xml");
var my_xml:XML = new XML();
my_xml.load("http://www.foo.com/folder1/folder2/myData.xml");
You can load several policy files with overlapping scopes using loadPolicyFile. For all
requests, Flash Player tries to consult all the files whose scope includes the location of the
request. If one policy file fails to grant cross-domain access, another file is not prevented from
granting access to data. If all access attempts fail, Flash Player looks in the default location of
the crossdomain.xml file (in the root directory). The request fails if no policy file is found in
the default location.
About XMLSocket policy files
For an XMLSocket connection attempt, Flash Player 7 (7.0.14.0) looked for crossdomain.xml
on an HTTP server on port 80 in the subdomain to which the connection attempt was being
made. Flash Player 7 (7.0.14.0) and all earlier versions restricted XMLSocket connections to
ports 1024 and above. However, in Flash Player 7 (7.0.19.0) and later, ActionScript can
inform Flash Player of a nondefault location for a policy file using
System.security.loadPolicyFile. Any custom locations for XMLSocket policy files must
still be on an XML socket server.
In the following example, Flash Player retrieves a policy file from a specified URL:
System.security.loadPolicyFile("http://www.foo.com/folder/policy.xml");
Any permissions granted by the policy file at that location apply to all content at the same
level or below in the server’s hierarchy. Therefore, if you try to load the following data, you
discover you can only load data from certain locations:
myLoadVars.load("http://foo.com/sub/dir/vars.txt"); // allowed
myLoadVars.load("http://foo.com/sub/dir/deep/vars2.txt"); // allowed
myLoadVars.load("http://foo.com/elsewhere/vars3.txt"); // not allowed
To work around this, you can load more than one policy file into a single SWF file using
loadPolicyFile. Flash Player always waits for the completion of any policy file downloads
before denying a request that requires a policy file. Flash Player consults the default location of
crossdomain.xml if no other policies were authorized in the SWF file.
Special syntax allows policy files to be retrieved directly from an XMLSocket server:
System.security.loadPolicyFile("xmlsocket://foo.com:414");
To Next Page
Loading...