Last updated on February 9th, 2022 at 02:32 pm
Hello guys i am back again with another nice set of tutorial based on Flash and actionscript. I am getting lot of emails from my users asking about the crossdomain technique in flash and how to make that work. When i searched google i was unable to find even a single perfect document that clearly says what we should do in this case.
Note: I don’t think anyone is using flash/swf files any more. But just keeping this tutorial since it has helped more than 35K visitors. (May be a reference)
Lets take a simple example
In orkut we have a flash scrap option. We can post scraps which is actually embedded SWF files.So lets take a scenario in which i have developed a Flash file[SWF] which reads my friends photo album which he has uploaded in Picasa.The logic behind it is my PHP script will read my friends picasa RSS page and create an XML data output.This XML data is read by my flash file which is a slideshow app.So when i upload these files mainly PHP, XML and also the SWF in my server say SERVER A it will work fine.Lets say i uploaded the files in the album folder of SERVER A
So i can access the file from http://www.SERVERA.com/album/<SWFNAME>.SWF
It will load fine with the SWF file perfectly showing the slideshow.
Now we will consider the scenario in which i am trying to scrap the swf embedded say in ORKUT.
<EMBED src="http://www.SERVERA.com/album/<SWFNAME>.SWF" quality="high" scale="noscale" bgcolor="#333333" WIDTH=450 HEIGHT=450 TYPE="application/x-shockwave-flash" PLUGINSPAGE="http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash"></EMBED>
Now this SWF file will get loaded in scrap, but unfortunately you wont be able to view any photos in the album.It will be blank.This means that XML is not properly loaded.So there is something that is preventing the SWF to read the data.There is a work around for this condition.That is achieved by using crossdomain.xml and also by adding a little bit of some security info in ur flash action script.
Now create crossdomain.xml file and add this lines below.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>
Put this crossdomain.xml file in your server root directory.
Add the below lines in your actionscript page in the flash.
System.security.allowDomain("*"); System.security.allowInsecureDomain("*"); System.security.loadPolicyFile("http://www.serverA.com/crossdomain.xml");
What prevented ORKUT from displaying the SWF?
Just simple there is security enabled in flash and to overcome this we have specified in the crossdomain.xml to
allow-access-from domain=”*” or allow-access-from domain=”www.orkut.com” or allow-access-from domain=”*.orkut.com”
* –> Can be any domain [You are allowing any domains to access your SWF and its data]
www.orkut.com ->Specifically means that only www.orkut.com can access.
*.orkut.com ->Means any subdomains of Orkut along with Orkut.com is allowed.
This will fix your issue.Thanks.