About allowing data access between cross-domain SWF files

One SWF file can load another SWF file from any location on the Internet. However, in order for the two SWF files to be able to access each other's data (variables and objects), the two files must originate from the same domain. By default, in Flash Player 7 and later, the two domains must match exactly in order for the two files to share data. However, a SWF file may grant access to SWF files served from specific domains by calling LocalConnection.allowDomain or System.security.allowDomain().

For example, suppose main.swf is served from www.macromedia.com. That SWF file then loads another SWF file (data.swf) from data.macromedia.com into a movie clip instance (target_mc).

// In main.swf
target_mc.loadMovie("http://data.macromedia.com/data.swf");

Furthermore, suppose that data.swf defines a method named getData() on its main Timeline. By default, main.swf cannot call the getData() method defined in data.swf once that file has loaded. This is because the two SWF files don't reside in the same domain. For example, the following method call in main.swf, once data.swf has loaded, will fail.

// In main.swf, after data.swf has loaded:
target_mc.getData(); // This method call will fail

However, data.swf may grant access to SWF files served from www.macromedia.com by using the LocalConnection.allowDomain handler or the System.security.allowDomain() method, depending on the type of access required. The following code, added to data.swf, allows a SWF file served from www.macromedia.com to access its variables and methods:

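// Within data.swf
// Grant cross-scripting access to SWF files served from www.macromedia.com
System.security.allowDomain("www.macromedia.com");

// Accept LocalConnection messages only from www.macromedia.com
var my_lc:LocalConnection = new LocalConnection();
my_lc.allowDomain = function(sendingDomain) {
  return (sendingDomain == "www.macromedia.com");
};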

Notice that allowDomain permits any SWF file in the allowed domain to script any other SWF file in the domain permitting the access, unless the SWF file being accessed is hosted on a site using a secure protocol (HTTPS). In this case, you must use allowInsecureDomain instead of allowDomain; see About allowing HTTP to HTTPS protocol access between SWF files.
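
The access rules described above can be modelled as a decision function and run against the main.swf / data.swf scenario. This Python model is an added example, not Macromedia's code or Flash Player's implementation; the Swf class, can_script(), demo() and the store.macromedia.com host are constructed for illustration, and the model assumes that an HTTP file needs allowInsecureDomain to script an HTTPS file even in its own domain.

```python
from urllib.parse import urlsplit

class Swf:
    """A loaded SWF file, identified by the URL it was served from (model only)."""
    def __init__(self, url):
        parts = urlsplit(url)
        self.scheme = parts.scheme.lower()
        self.domain = (parts.hostname or "").lower()
        self.allowed = set()           # domains passed to allowDomain
        self.allowed_insecure = set()  # domains passed to allowInsecureDomain

    def allow_domain(self, domain):
        self.allowed.add(domain.lower())

    def allow_insecure_domain(self, domain):
        self.allowed_insecure.add(domain.lower())

def can_script(accessor, target):
    """True if `accessor` may read variables or call methods of `target`."""
    if target.scheme == "https" and accessor.scheme != "https":
        # Non-HTTPS file reaching into an HTTPS file: allowDomain is not enough.
        return accessor.domain in target.allowed_insecure
    if accessor.domain == target.domain:
        return True  # exact domain match (Flash Player 7 and later)
    # Otherwise the target must have granted access to the accessor's domain.
    return accessor.domain in (target.allowed | target.allowed_insecure)

def demo():
    # Constructed scenario based on the main.swf / data.swf example above.
    main = Swf("http://www.macromedia.com/main.swf")
    data = Swf("http://data.macromedia.com/data.swf")
    out = {"default": can_script(main, data)}
    data.allow_domain("www.macromedia.com")
    out["after_grant"] = can_script(main, data)
    out["reverse"] = can_script(data, main)  # grants are one-way
    other = Swf("http://store.macromedia.com/other.swf")  # constructed host
    out["other_subdomain"] = can_script(other, data)
    secure = Swf("https://data.macromedia.com/data.swf")
    secure.allow_domain("www.macromedia.com")
    out["https_allowDomain"] = can_script(main, secure)
    secure.allow_insecure_domain("www.macromedia.com")
    out["https_allowInsecureDomain"] = can_script(main, secure)
    return out

if __name__ == "__main__":
    print(demo())
```

The grant is directional and exact: data.swf allowing www.macromedia.com does not let data.swf script main.swf, and does not admit other macromedia.com subdomains.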

For more information on domain-name matching, see Flash Player security features.