Cross-domain Policy
Cross-domain Policy
Starting with the Shockwave 11.5 Player, it is possible to suppress the security dialog when accessing data from a server different from the one the Shockwave movie is playing on.
To achieve this, you need to place an xml file on the server from which you are attempting to access data. For example, if your movie is running at http://host_server.com/movie.dcr, and it wants to access data at http://alternate_source_server.com/data.txt, then you need to place a cross-domain file on alternate_source_server.com.
This means that you cannot suppress the security dialog unless you have the right to place files on the server that you are trying to access. It is the owner of the alternate_source_server.com who gets to decide whether your access to data on that site is transparent or not.
There are two ways to suppress the security dialog:
- Place a file named crossdomain.xml in the root directory of the server
- Place a file anywhere on the server and use loadPolicyFile() to download its contents
The xml file should have the following format:
<cross-domain-policy> <allow-access-from domain="http://servername.com/directory/*" secure="true" to-ports="*" /> <allow-access-from domain="http://otherserver.com/" secure="true" to-ports="8000-9000,9192" /> </cross-domain-policy>
domain
The domain entry can define a precise directory path, or it can use * to indicate all subdirectories of the given path.
secure
If you omit the secure entry, it is set to true by default. Setting it to false is not recommended.
to-ports
You can set the to-ports entry to "*" to allow connection on any port, or you can define individual ports or ranges.