cross-domain policyI was doing some research today on consuming web services in flash. It seems that there is a new permission mechanism in flash player 7. You can create a “policy file” and stick on the server that you want to have access to from your flash movie. It’s just a simple xml file that looks like this:
bc[php].
Flash will automatically look for the policy file (its default name is “crossdomain.xml”) at the root of the server, or you can explictly tell flash where to find the file using System.security.loadPolicyFile.
These techniques will be especially of interest to those who are wondering why they can’t load data from mySub1.mysite.com when the swf came from mysite.com. In flash player 7, the data being loaded in must come from the the exact domain of the flash move, not jsut the same superdomain (which, in the web address “http://www.mysite.com” would be “mysite.com”).
Also of note, the allow-access-from element in the policy file also accepts another attribute, named “secure”, which you can set to “false” (the default is true), and that will allow movies that were not served over an https:// connection to access https movies and data.
There is a great article exlaining this stuff on the Flash Dev Center.
RSS feeds available for 