Bạn đang xem bản rút gọn của tài liệu. Xem và tải ngay bản đầy đủ của tài liệu tại đây (11.02 KB, 3 trang )
< Day Day Up >
Policy Files
In this section, you will learn about the Flash player security restrictions as they apply to
loading external data, and how the restrictions can be bypassed.
By default, an SWF can load external data only from the domain on which it resides. In
other words, an SWF running within the Web page at
could not load the XML file at
because the running SWF and the file it's
attempting to load are not on the same domain. However, the domain derekfranklin.com
can give permission to SWF files that exist on electrotank.com by using a policy file,
allowing those SWF files to load and use content from the derekfranklin.com domain.
You will learn more about policy files later in this lesson, but before that you should
understand what the Flash player considers to be a different domain.
The Flash player uses exact domain matching to determine whether a Flash file and
external data source are on the same domain. A subdomain of a domain is not considered
the same domain as its parent. For example, store.electrotank.com is not considered the
same domain as games.electrotank.com, and www.electrotank.com is not the same as
electrotank.com. If the two domain names don't look exactly alike, letter for letter, they're
mismatched, and data exchange is not permitted without being granted access via a policy
file.
A policy file is an XML-formatted file that sits in the root directory of a domain. When
an SWF attempts to load data from another domain, the Flash player checks the
destination domain for a policy file. If a policy file exists, the Flash player loads it and
checks whether the origin domain is granted access. If the origin domain is granted
access, the Flash player loads the requested data; otherwise, it doesn't.
N
OTE
The loading of the policy file is transparent to the user. It happens in the background
without any special ActionScript coding.