All geek questions in one place

Cannot make it work: crossdomain.xml and Flash

I have a (self-prepared) swf demo with a button launching getUrl ('SampleTargetPage.html')

Now I want to host swf in our cdn at cdn.example.com while my html page was hosted at www.example.com

More structured:

www.example.com/test.html
cdn.example.com/someflash.swf
cdn.example.com/crossdomain.xml

I thought it was enough to provide crossdomain.xml on cdn.example.com to allow links to work. But: it looks like the Flash plugin never requests crossdomain.xml at all!

Now, is there something I need to add to SWF itself to make this work? Many thanks!

edit: do I need to use Security.loadPolicyFile? edit: Maybe I don’t need crossdomain.xml, because everything is under * .example.com?

+3
source share
2 answers

Found a problem! The solution was to set allowcriptaccess to "always" in the flash options:

 allowscriptaccess : 'always'

This background information about the problem:

Starting with Flash Player 9, calls to getURL (or navigateToURL) involving "_self", "_parent" or "_top" are considered interactions with the hosting HTML page. Starting with Flash Player 9 3, all calls for purposes other than "_blank" are affected. This is to prevent unreliable SWF files embedded in the HTML page from reviewing the browser page (or frame on this page) without warning the user that they are currently visiting another third-party website. It also sets scripting restrictions for all domains.

HTML- SWF , Flash Player HTML AllowScriptAccess , Flash-. AllowScriptAccess :

  • "always": SWF HTML .
  • "sameDomain" : SWF HTML- , . HTML Adobe Flash HTML, AllowScriptAccess = "sameDomain" , .
  • "never": SWF HTML-.

getURL ( navigateToURL) AllowScriptAccess. , AllowScriptAccess "", "sameDomain" , HTML- SWF . getURL ( navigateToURL) .

, Flash Player 9, SWF. Adobe , SWF-, Flash Player 9, .

+5

crossdomain.xml , . , , .

, (*) , , . - , . .. *, .

:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy 
  SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <allow-access-from domain="www.siteone.com" />
  <allow-access-from domain="sitetwo.com" />
  <allow-access-from domain="*.mysite.com" />
</cross-domain-policy>
0

Source: https://habr.com/ru/post/1752091/

More articles:


All Articles