Flash Lite 2.x and 3.0 ActionScript Language Reference

allowInsecureDomain (security.allowInsecureDomain method) 

public static allowInsecureDomain(domain:String) : Void

Lets SWF files and HTML files in the identified domains access objects and variables in the calling SWF file, which is hosted using the HTTPS protocol. It also lets the SWF files in the identified domains access any other SWF files in the same domain as the calling SWF file.

By default, SWF files hosted using the HTTPS protocol can be accessed only by other SWF files hosted using the HTTPS protocol. This implementation maintains the integrity provided by the HTTPS protocol.

Macromedia does not recommend using this method to override the default behavior because it compromises HTTPS security. However, you might need to do so, for example, if you must permit access to HTTPS files published for Flash Player 7 or later from HTTP files published for Flash Player 6.

A SWF file published for Flash Player 6 can use System.security.allowDomain() to permit HTTP to HTTPS access. However, because security is implemented differently in Flash Player 7, you must use System.Security.allowInsecureDomain() to permit such access in SWF files published for Flash Player 7 or later.

Note: It is sometimes necessary to call System.security.allowInsecureDomain() with an argument that exactly matches the domain of the SWF file in which this call appears. This is different from System.security.allowDomain(), which is never necessary to call with a SWF file's own domain as an argument. The reason this is sometimes necessary with System.security.allowInsecureDomain() is that, by default, a SWF file at http://foo.com is not allowed to script a SWF file at https://foo.com, even though the domains are identical.

Parameters

domain:String - An exact domain name, such as www.myDomainName.com or store.myDomainName.com.

Example

In the following example, you host a math test on a secure domain so that only registered students can access it. You have also developed a number of SWF files that illustrate certain concepts, which you host on an insecure domain. You want students to access the test from the SWF file that contains information about a concept. 

 // This SWF file is at https://myEducationSite.somewhere.com/mathTest.swf
 // Concept files are at http://myEducationSite.somewhere.com
 System.security.allowInsecureDomain("myEducationSite.somewhere.com");

See also

allowDomain (security.allowDomain method)