All geek questions in one place

How to call Flex SWF from a remote domain using Flash (AS3)?

I have Flex swf hosted at http://www.a.com/a.swf . I have a flash code on another doamin that is trying to load SWF:

_loader = new Loader(); var req:URLRequest = new URLRequest("http://services.nuconomy.com/n.swf"); _loader.contentLoaderInfo.addEventListener(Event.COMPLETE,onLoaderFinish); _loader.load(req);

In the onLoaderFinish event, I try to load classes from a remote SWF and create them:

 _loader.contentLoaderInfo.applicationDomain.getDefinition("someClassName") as Class

When this code works, I get the following exception

 SecurityError: Error #2119: Security sandbox violation: caller http://localhost.service:1234/flashTest/Main.swf cannot access LoaderInfo.applicationDomain owned by http://www.b.com/b.swf. at flash.display::LoaderInfo/get applicationDomain() at NuconomyLoader/onLoaderFinish()

Is there any way to make this code work?

+2
source share
3 answers

All of this is described in Adobe Flex 3 Programming ActionScript 3 PDF on page 550 (Chapter 27: Flash Player Security / Crossite Scripting):

If two SWF files written using ActionScript 3.0 are submitted from different domains - for example, http://siteA.com/swfA.swf and http://siteB.com/swfB.swf - then, by default, Flash Player does not resolves swfA.swf before script swfB.swf, not swfB.swf before script swfA.swf, the SWF file allows SWF files from other domains by calling Security.allowDomain (). By invoking Security.allowDomain ("siteA.com"), swfB.swf provides SWF files with siteA.com permission to the script.

This is more detailed, with diagrams and all.

+6
source

You need the crossdomain.xml policy file on the server with the file you are loading, it should look something like this:

 <?xml version="1.0"?> <!-- http://www.foo.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="www.friendOfFoo.com" /> <allow-access-from domain="*.foo.com" /> <allow-access-from domain="105.216.0.40" /> </cross-domain-policy>

Put it as crossdomain.xml in the root of the domain from which you are downloading.

You also need to install a bootloader to read this file as such:

 var loaderContext:LoaderContext = new LoaderContext(); loaderContext.checkPolicyFile = true; var loader:Loader = new Loader(); loader.contentLoaderInfo.addEventListener( Event.COMPLETE, onComplete ); loader.load( new URLRequest( "http://my.domain.com/image.png" ), loaderContext );

sample code extracted from http://blog.log2e.com/2008/08/15/when-a-cross-domain-policy-file-is-not-enough/

+2
source

Mayhaps System.Security.allowDomain is what you need?

0
source

Source: https://habr.com/ru/post/1346551/

More articles:


All Articles