External data not accessible outside a Flash movie's domain
640 days ago
For security reasons, a Macromedia Flash movie playing in a web browser is not allowed to access data that resides outside the exact web domain from which the SWF originated.
As an enhancement to Macromedia Flash Player 7, domains must be identical for data to be read. With this change a sub-domain can no longer read data from a parent domain and vice versa.
Cross-domain policy files
Another change to the Flash Player 7 framework is the use of cross-domain policy files. A policy file is a simple XML file that gives the Flash Player permission to access data from a given domain without displaying a security dialog. When placed on a server, it tells the Flash Player to allow direct access to data on that server, without prompting the user grant access.
The server can be in any location available to the Flash movie and does not have to be in the same domain. Cross-domain policy files, named crossdomain.xml, are placed at the root level of a server. When using a policy file you can use a wildcard character (*) in a domain name. For more information on policy files see Why Use Policy Files below.
Note: When serving a policy file, you must not use a cross-domain redirect, or the player will ignore the policy file.
Cross-domain file access
This applies to any ActionScript command or object that sends or receives data, including loadVariables, the XMLSocket object methods, and the XML object send andsendAndLoad commands.
Flash Player follows specific guidelines to determine domain compatibility. Refer to Domain Comparison below for details.
Descriptions and ways to address the following issues are outlined below.
You cannot load variables or XML data into a Flash movie from another domain.
Data cannot be returned to Flash from an incompatible domain (Flash Player 6,0,47,0 and above)
Flash movies loaded from incompatible domains cannot access ActionScript objects and variables (Flash 6 and above SWF files)
As an enhancement to Macromedia Flash Player 7, domains must be identical for data to be read. With this change a sub-domain can no longer read data from a parent domain and vice versa.
Cross-domain policy files
Another change to the Flash Player 7 framework is the use of cross-domain policy files. A policy file is a simple XML file that gives the Flash Player permission to access data from a given domain without displaying a security dialog. When placed on a server, it tells the Flash Player to allow direct access to data on that server, without prompting the user grant access.
The server can be in any location available to the Flash movie and does not have to be in the same domain. Cross-domain policy files, named crossdomain.xml, are placed at the root level of a server. When using a policy file you can use a wildcard character (*) in a domain name. For more information on policy files see Why Use Policy Files below.
Note: When serving a policy file, you must not use a cross-domain redirect, or the player will ignore the policy file.
Cross-domain file access
This applies to any ActionScript command or object that sends or receives data, including loadVariables, the XMLSocket object methods, and the XML object send andsendAndLoad commands.
Flash Player follows specific guidelines to determine domain compatibility. Refer to Domain Comparison below for details.
Descriptions and ways to address the following issues are outlined below.
You cannot load variables or XML data into a Flash movie from another domain.
Data cannot be returned to Flash from an incompatible domain (Flash Player 6,0,47,0 and above)
Flash movies loaded from incompatible domains cannot access ActionScript objects and variables (Flash 6 and above SWF files)