ActionScript 2.0 Language Reference 
ActionScript 2.0 Language Reference |
|
|
|
| ActionScript classes > LocalConnection > allowDomain (LocalConnection.allowDomain handler) | |||
|
|||
|
|||
|
|||
allowDomain = function([sendingDomain:String]) {}
Invoked whenever receiving_lc receives a request to invoke a method from a sending LocalConnection object. Flash expects the code you implement in this handler to return a Boolean value of true or false. If the handler doesn't return true, the request from the sending object is ignored, and the method is not invoked.
When this event handler is absent, Flash Player applies a default security policy, which is equivalent to the following code:
my_lc.allowDomain = function (sendingDomain)
{
return (sendingDomain == this.domain());
}
Use LocalConnection.allowDomain to explicitly permit LocalConnection objects from specified domains, or from any domain, to execute methods of the receiving LocalConnection object. If you don't declare the sendingDomain parameter, you probably want to accept commands from any domain, and the code in your handler would be simply return true. If you do declare sendingDomain, you probably want to compare the value of sendingDomain with domains from which you want to accept commands. The following examples show both implementations.
In files authored for Flash Player 6, the sendingDomain parameter contains the superdomain of the caller. In files authored for Flash Player 7 or later, the sendingDomain parameter contains the exact domain of the caller. In the latter case, to allow access by SWF files hosted at either www.domain.com or store.domain.com, you must explicitly allow access from both domains.
// For Flash Player 6
receiving_lc.allowDomain = function(sendingDomain) {
return(sendingDomain=="domain.com");
}
// For Flash Player 7 or later
receiving_lc.allowDomain = function(sendingDomain) {
return(sendingDomain=="www.domain.com" ||
sendingDomain=="store.domain.com");
}
Also, for files authored for Flash Player 7 or later, you can't use this method to let SWF files hosted using a secure protocol (HTTPS) allow access from SWF files hosted in nonsecure protocols; you must use the LocalConnection.allowInsecureDomain event handler instead.
Occasionally, you might encounter the following situation. Suppose you load a child SWF file from a different domain. You want to implement this method so that the child SWF file can make LocalConnection calls to the parent SWF file, but you don't know the final domain from which the child SWF file will come. This can happen, for example, when you use load-balancing redirects or third-party servers.
In this situation, you can use the MovieClip._url property in your implementation of this method. For example, if you load a SWF file into my_mc, you can then implement this method by checking whether the domain argument matches the domain of my_mc._url. (You must parse the domain out of the full URL contained in my_mc._url.)
If you do this, make sure that you wait until the SWF file in my_mc is loaded, because the _url property will not have its final, correct value until the file is completely loaded. The best way to determine when a child SWF file finishes loading is to use MovieClipLoader.onLoadComplete.
The opposite situation can also occur: You might create a child SWF file that wants to accept LocalConnection calls from its parent but doesn't know the domain of its parent. In this situation, implement this method by checking whether the domain argument matches the domain of _parent._url. Again, you must parse the domain out of the full URL from _parent._url. In this situation, you don't have to wait for the parent SWF file to load; the parent will already be loaded by the time the child loads.
Availability: ActionScript 1.0; Flash Player 7
sendingDomain:String [optional] - A string that specifies the domain of the SWF file that contains the sending LocalConnection object.
The following example shows how a LocalConnection object in a receiving SWF file can permit SWF files from any domain to invoke its methods. Compare this to the example in LocalConnection.connect(), in which only SWF files from the same domain can invoke the trace() method in the receiving SWF file. For a discussion of the use of the underscore (_) in the connection name, see LocalConnection.send().
this.createTextField("welcome_txt", this.getNextHighestDepth(), 10, 10, 100, 20);
var my_lc:LocalConnection = new LocalConnection();
my_lc.allowDomain = function(sendingDomain:String) {
domain_txt.text = sendingDomain;
return true;
};
my_lc.allowInsecureDomain = function(sendingDomain:String) {
return (sendingDomain == this.domain());
}
my_lc.sayHello = function(name:String) {
welcome_txt.text = "Hello, "+name;
};
my_lc.connect("_mylc");
The following example sends a string to the previous SWF file and displays a status message about whether the local connection was able to connect to the file. A TextInput component called name_ti, a TextArea instance called status_ta and a Button instance called send_button are used to display content.
var sending_lc:LocalConnection;
var sendListener:Object = new Object();
sendListener.click = function(evt:Object) {
sending_lc = new LocalConnection();
sending_lc.onStatus = function(infoObject:Object) {
switch (infoObject.level) {
case 'status' :
status_ta.text = "LocalConnection connected successfully.";
break;
case 'error' :
status_ta.text = "LocalConnection encountered an error.";
break;
}
};
sending_lc.send("_mylc", "sayHello", name_ti.text);
};
send_button.addEventListener("click", sendListener);
If your SWF file includes a version 2 component, use the version 2 components' DepthManager class instead of the MovieClip.getNextHighestDepth() method used in the previous example.
In the following example, the receiving SWF file, which resides in thisDomain.com, accepts commands only from SWF files located in thisDomain.com or thatDomain.com:
var aLocalConn:LocalConnection = new LocalConnection();
aLocalConn.Trace = function(aString) {
aTextField += aString+newline;
};
aLocalConn.allowDomain = function(sendingDomain) {
return (sendingDomain == this.domain() || sendingDomain == "www.adobe.com");
};
aLocalConn.connect("_mylc");
When published for Flash Player 7 or later, exact domain matching is used. This means that the example will fail if the SWF files are located at www.thatDomain.com but will work if the files are located at thatDomain.com.
connect (LocalConnection.connect method), domain (LocalConnection.domain method), send (LocalConnection.send method), _url (MovieClip._url property), onLoadComplete (MovieClipLoader.onLoadComplete event listener), _parent property
|
|||
|
|||
|
|||
|
|
|
|