Porting existing scripts to Flash Player 7 19
You have to make the following changes:
• If the called SWF file is published for Flash Player 7, include System.security.allowDomain
or
LocalConnection.allowDomain in the called SWF file, using exact domain-
name matching.
• If the called SWF file is published for Flash Player 6, modify the called file to add or change a
System.security.allowDomain or LocalConnection.allowDomain statement, using exact
domain-name matching, as shown in the code examples earlier in this section. You can publish
the modified file for either Flash Player 6 or 7.
• If the called SWF file is published for Flash Player 5 or earlier, port the called file to
Flash Player 6 or 7 and add a
System.security.allowDomain statement, using exact
domain-name matching, as shown in the code examples earlier in this section.
(LocalConnection objects aren’t supported in Flash Player 5 or earlier.)
HTTP to HTTPS protocol access between SWF files
As discussed in the previous section, rules for cross-domain and subdomain access have changed
in Flash Player 7. In addition to the exact-domain matching rules now being implemented, you
must explicitly permit files hosted at sites using a secure protocol (HTTPS) to be accessed by files
hosted at sites using an insecure protocol. Depending on whether the called file is published for
Flash Player 7 or Flash Player 6, you must implement either one of the
allowDomain statements
(see “Cross-domain and subdomain access between SWF files” on page 17), or use the new
LocalConnection.allowInsecure Domain or System.security.allowInsecureDomain()
statements.
Warning: Implementing an allowInsecureDomain() statement compromises the security offered
by the HTTPS protocol. You should make these changes only if you can’t reorganize your site so that
all SWF files are served from the HTTPS protocol.
The following code shows an example of the kinds of changes you might have to make:
// Commands in a Flash Player 6 SWF file at https://www.someSite.com
// to allow access by Flash Player 7 SWF files that are hosted
// at http://www.someSite.com or at http://www.someOtherSite.com
System.security.allowDomain("someOtherSite.com");
my_lc.allowDomain = function(sendingDomain) {
return(sendingDomain=="someOtherSite.com");
}
// Corresponding commands in a Flash Player 7 SWF file
// to allow access by Flash Player 7 SWF files that are hosted
// at http://www.someSite.com or at http://www.someOtherSite.com
System.security.allowInsecureDomain("www.someSite.com",
"www.someOtherSite.com");
my_lc.allowInsecureDomain = function(sendingDomain) {
return(sendingDomain=="www.someSite.com" ||
sendingDomain=="www.someOtherSite.com");
}
You might also have to add statements like these to your files if you aren’t currently using them.
A modification might be necessary even if both files are in same domain (for example, a file in
http://www.domain.com is calling a file in https://www.domain.com).
To Next Page
Loading...