HTTP to HTTPS protocol access between SWF files
You must use an allowDomain handler or method to permit a SWF file in one domain to be
accessed by a SWF file in another domain. However, if the SWF file being accessed is hosted
at a site that uses a secure protocol (HTTPS), the allowDomain handler or method doesn’t
permit access from a SWF file hosted at a site that uses an insecure protocol. To permit such
access, you must use the LocalConnection.allowInsecureDomain() or
System.security.allowInsecureDomain() statements. See “Allowing HTTP to HTTPS
protocol access between SWF files” on page 707 for more information.
Allowing HTTP to HTTPS protocol access between SWF files
In addition to the exact-domain matching rules, you must explicitly permit files hosted at sites
using a secure protocol (HTTPS) to be accessed by files hosted at sites using an insecure
protocol. Depending on whether the called file is published for Flash Player 6, 7, or 8, you
must implement either one of the allowDomain statements (see “Cross-domain and
subdomain access between SWF files” on page 696), or use the
LocalConnection.allowInsecureDomain or System.security.allowInsecureDomain() statements.
For example, if the SWF file at https://www.someSite.com/data.swf must allow access by
a SWF file at http://www.someSite.com, the following code added to data.swf allows
this access:
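// Within data.swf
// Allow the HTTP-hosted file at www.someSite.com to access this HTTPS-hosted file.
System.security.allowInsecureDomain("www.someSite.com");
// my_lc must be a LocalConnection instance before the handler is assigned.
var my_lc:LocalConnection = new LocalConnection();
// Accept LocalConnection calls from HTTP senders only when the domain matches exactly.
my_lc.allowInsecureDomain = function(sendingDomain:String):Boolean {
    return (sendingDomain == "www.someSite.com");
};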
WARNING
Implementing an allowInsecureDomain() statement compromises the security offered by
the HTTPS protocol. You should make these changes only if you can’t reorganize your
site so that all SWF files are served from the HTTPS protocol.
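Because every allowInsecureDomain() statement weakens an HTTPS-hosted SWF file, it helps to inventory them before reorganizing a site. The following Python audit script is an added example, not part of the original documentation: it lists each System.security.allowInsecureDomain() call and each allowInsecureDomain handler in ActionScript source, and marks handlers that never inspect the sending domain. The sample input is constructed, and other_lc is a hypothetical handler added for illustration.

```python
import re

# Constructed input: the page's snippet plus a hypothetical other_lc handler.
SAMPLE = '''\
// Within data.swf
System.security.allowInsecureDomain("www.someSite.com");
my_lc.allowInsecureDomain = function(sendingDomain:String):Boolean {
    return (sendingDomain == "www.someSite.com");
};
other_lc.allowInsecureDomain = function(sendingDomain:String):Boolean { return true; };
'''

TOKEN = re.compile(r'"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'|//[^\n]*|/\*.*?\*/', re.S)
CALL = re.compile(r'System\.security\.allowInsecureDomain\s*\(([^)]*)\)')
HANDLER = re.compile(r'(\w+)\.allowInsecureDomain\s*=\s*function\s*\((\w*)[^)]*\)[^{]*\{')
STRING = re.compile(r'"([^"]*)"|\'([^\']*)\'')

def strip_comments(src):
    """Blank out comments but keep string literals and line numbers intact."""
    def repl(m):
        tok = m.group()
        return tok if tok[0] in '"\'' else re.sub(r'[^\n]', ' ', tok)
    return TOKEN.sub(repl, src)

def body_after(src, start):
    """Return the function body whose opening '{' ends just before index start."""
    depth, i = 1, start
    while i < len(src) and depth:
        depth += {'{': 1, '}': -1}.get(src[i], 0)
        i += 1
    return src[start:i - 1]

def literals(text):
    return [a or b for a, b in STRING.findall(text)]

def audit(src):
    """List (line, kind, domains) for every HTTP-to-HTTPS exception in src."""
    src, found = strip_comments(src), []
    for m in CALL.finditer(src):
        found.append((src.count('\n', 0, m.start()) + 1, 'call', literals(m.group(1))))
    for m in HANDLER.finditer(src):
        body, param = body_after(src, m.end()), m.group(2)
        # Heuristic: a handler that never mentions its parameter cannot filter by domain.
        uses = bool(param) and re.search(r'\b' + re.escape(param) + r'\b', body)
        kind = 'handler' if uses else 'handler-ignores-sender'
        found.append((src.count('\n', 0, m.start()) + 1, kind, literals(body)))
    return sorted(found)

if __name__ == '__main__':
    print(*audit(SAMPLE), sep='\n')
```

A 'handler-ignores-sender' result is a heuristic flag for manual review, not proof that the handler accepts every sender.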