allowDomain (security.allowDomain method)
public static allowDomain(domain1:String) : Void
Lets SWF files and HTML files in the identified domains access objects and variables in the calling SWF file or in any other SWF file from the same domain as the calling SWF file.
In files playing in Flash Player 7 or later, the parameters passed must follow exact-domain naming rules. For example, to allow access by SWF files hosted at either www.domain.com or store.domain.com, both domain names must be passed:
// For Flash Player 6
System.security.allowDomain("domain.com");
// Corresponding commands to allow access by SWF files
// that are running in Flash Player 7 or later
System.security.allowDomain("www.domain.com", "store.domain.com");
Also, for files running in Flash Player 7 or later, you can't use this method to let SWF files hosted using a secure protocol (HTTPS) allow access from SWF files hosted in nonsecure protocols; you must use System.security.allowInsecureDomain() instead.
Occasionally, you might encounter the following situation: You load a child SWF file from a different domain and want to allow the child SWF file to script the parent SWF file, but you don't know the final domain from which the child SWF file will originate. This can happen, for example, when you use load-balancing redirects or third-party servers.
In this situation, you can use the MovieClip._url property as an argument to this method. For example, if you load a SWF file into my_mc, you can call System.security.allowDomain(my_mc._url).
If you do this, be sure to wait until the SWF file in my_mc is loaded, because the _url property does not have its final, correct value until the file is completely loaded. The best way to determine when a child SWF finishes loading is to use MovieClipLoader.onLoadComplete.
The opposite situation can also occur; that is, you might create a child SWF file that wants to allow its parent to script it, but doesn't know what the domain of its parent will be. In this situation, call System.security.allowDomain(_parent._url) from the child SWF. In this situation, you don't have to wait for the parent SWF file to load; the parent is already loaded by the time the child loads.
domain1:String - One or more strings that specify domains that can access objects and variables in the SWF file that contains the System.Security.allowDomain() call. The domains can be formatted in the following ways:
- "domain.com"
- "http://domain.com"
- "http://IPaddress"
The SWF file located at www.macromedia.com/MovieA.swf contains the following lines:
System.security.allowDomain("www.shockwave.com");
loadMovie("http://www.shockwave.com/MovieB.swf", my_mc);
Because MovieA contains the allowDomain() call, MovieB can access the objects and variables in MovieA. If MovieA didn't contain this call, the Flash security implementation would prevent MovieB from accessing MovieA's objects and variables.
onLoadComplete (MovieClipLoader.onLoadComplete event listener), _parent (MovieClip._parent property), _url (MovieClip._url property), allowInsecureDomain (security.allowInsecureDomain method)