About custom policy file locations

Flash Player 7 (7.0.19.0) supports a method called System.security.loadPolicyFile. This method lets you specify a custom location on a server where a cross-domain policy file can be found, so it does not need to be in the root directory. Flash Player 7 (7.0.14.0) only searched for policy files in the root location of a server, but it can be inconvenient for a site administrator to place this file in the root directory. For more information on the loadPolicyFile method and XMLSocket connections, see About XMLSocket policy files and loadPolicyFile (security.loadPolicyFile method) in the ActionScript 2.0 Language Reference.

If you use the loadPolicyFile method, a site administrator can place the policy file in any directory, as long as the SWF files that need to use the policy file call loadPolicyFile to tell Flash Player where the policy file is located. However, policy files not placed in the root directory have a limited scope. The policy file allows access only to locations at or below its own level in the server's hierarchy.

The loadPolicyFile method is available only in Flash Player 7 (7.0.19.0) or later. Authors of SWF files using the loadPolicyFile method must do one of the following:

Require Flash Player 7 (7.0.19.0) or later.
Arrange for the site where the data is coming from to have a policy file in the default location (the root directory) as well as in the nondefault location. Earlier versions of Flash Player use the default location.

Otherwise, authors must create SWF files so a failure of a cross-domain loading operation is implemented.

CAUTION

If your SWF file relies on loadPolicyFile, visitors with Flash Player 6 or earlier or Flash Player 7 (7.0.19.0) or later do not have problems. However, visitors with Flash Player 7 (7.0.14.0) do not have support for loadPolicyFile.

If you want to use a policy file in a custom location on the server, you must call System.security.loadPolicyFile before you make any requests that depend on the policy file, such as the following:

System.security.loadPolicyFile("http://www.adobe.com/folder1/folder2/crossdomain.xml");
var my_xml:XML = new XML();
my_xml.load("http://www.adobe.com/folder1/folder2/myData.xml");

You can load several policy files with overlapping scopes using loadPolicyFile. For all requests, Flash Player tries to consult all the files whose scope includes the location of the request. If one policy file fails to grant cross-domain access, another file is not prevented from granting access to data. If all access attempts fail, Flash Player looks in the default location of the crossdomain.xml file (in the root directory). The request fails if no policy file is found in the default location.

Flash CS3

Comments

daveyob said on Jul 4, 2008 at 12:13 AM :

Is there any hope for running this same code in a Flash exe (CS3)? I have tested this out to the point where I can load data into a swf but not into a matching exe.

RSS feed | Send me an e-mail when comments are added to this page | Comment Report

Current page: http://livedocs.adobe.com/flash/9.0/main/00001086.html