Reputation: 1416
I have a (self-created) SWF demo with a button triggering getUrl('SampleTargetPage.html').
Now I want to place the SWF on our CDN at cdn.example.com while my HTML page resides on www.example.com.
More structured:
www.example.com/test.html
cdn.example.com/someflash.swf
cdn.example.com/crossdomain.xml
I thought it would be sufficient to provide a crossdomain.xml at cdn.example.com to allow the links to work. But it seems like the Flash plugin never queries the crossdomain.xml at all!
Now, is there something which I must add in the SWF itself to make this work? Thanks a lot!
edit: Do I need to use Security.loadPolicyFile?
edit: Maybe I don't need the crossdomain.xml at all because everything's under *.example.com?
Upvotes: 3
Views: 6437
Reputation: 1416
Found the problem! The solution was to set allowscriptaccess to 'always' in the flash params:
allowscriptaccess : 'always'
That's background info about the issue:
Starting with Flash Player 9, getURL (or navigateToURL) calls affecting "_self," "_parent," or "_top" were considered an interaction with the hosting HTML page. Starting with Flash Player 9 update 3, all calls to targets other than "_blank" are affected. This is to prevent untrusted SWF files embedded in the HTML page from re-navigating a browser page (or a frame within that page) without warning the user that they are now visiting a different third-party website. It also enforces cross domain scripting restrictions across all html frames.
To protect HTML pages from untrusted SWF files, Flash Player supports the HTML parameter AllowScriptAccess in the and tags that display Flash content. AllowScriptAccess can have three values:
Calling getURL (or navigateToURL) now falls under the control of the AllowScriptAccess parameter. In other words, AllowScriptAccess must either be "always" or "sameDomain," and the domains of the HTML page and SWF file must match exactly. Otherwise, the call to getURL (or navigateToURL) will fail.
This is a new behavior introduced in Flash Player 9 to comply with the security model and affects all SWF versions. Adobe is aware that this may change the behavior of some SWF media deployed before the release of Flash Player 9, and we apologize for any inconvenience this may cause.
Upvotes: 5
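The rule quoted in the answer above, modelled as an added example (not code from the original posts or from Adobe). The function name `checkNavigation`, the value list, the "sameDomain" default for a missing parameter, and the hostname comparison are assumptions of this sketch.

```javascript
// Added example, not from the original posts. Assumptions: the three values are
// "always", "sameDomain" and "never"; a missing parameter acts as "sameDomain";
// "domains match exactly" is taken to mean identical hostnames.
function checkNavigation(pageUrl, swfUrl, params = {}, target = '_self') {
  const page = new URL(pageUrl);
  const swf = new URL(swfUrl, page); // relative SWF paths resolve against the page
  const sameDomain = page.hostname === swf.hostname; // URL lowercases hostnames

  // Parameter names appear in mixed case (allowScriptAccess, allowscriptaccess).
  const key = Object.keys(params).find((k) => k.toLowerCase() === 'allowscriptaccess');
  const value = String(key === undefined ? 'sameDomain' : params[key]).toLowerCase();
  if (!['always', 'samedomain', 'never'].includes(value)) {
    throw new RangeError(`unrecognised AllowScriptAccess value: ${value}`);
  }

  let allowed;
  let reason;
  if (target.toLowerCase() === '_blank') {
    allowed = true;
    reason = 'calls targeting _blank are not affected';
  } else if (value === 'always') {
    allowed = true;
    reason = 'always: allowed regardless of where the SWF is hosted';
  } else if (value === 'samedomain' && sameDomain) {
    allowed = true;
    reason = 'sameDomain: page and SWF hostnames match exactly';
  } else {
    allowed = false;
    reason = value === 'never'
      ? 'never: blocked'
      : `sameDomain: ${swf.hostname} is not ${page.hostname}`;
  }

  // Review flag: "always" on a SWF served from another host means that host's
  // file is trusted to interact with this page, so it deserves a second look.
  const review = value === 'always' && !sameDomain;
  return { allowed, reason, review };
}

// The layout from the question (constructed calls using the post's hostnames).
const questionPage = 'http://www.example.com/test.html';
const questionSwf = 'http://cdn.example.com/someflash.swf';
console.log(checkNavigation(questionPage, questionSwf));
console.log(checkNavigation(questionPage, questionSwf, { allowscriptaccess: 'always' }));
```

The first call reports the blocked case from the question (www versus cdn hostnames under the default), the second the fix from the answer together with the review flag.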
Reputation: 13
The crossdomain.xml file should be at the root of the site and list all the domains that have access to the files within. You can also set your file to allow all, if you want.
Notice that in the example below I used a wildcard (*) instead of a subdomain so I can give access to all subdomains that fall within my main domain. The first two entries are just examples of specific external sites if you want to be restrictive about that, but you can always just do a ..* to allow all.
The contents will look like this:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.siteone.com" />
<allow-access-from domain="sitetwo.com" />
<allow-access-from domain="*.mysite.com" />
</cross-domain-policy>
Upvotes: 0