Flash security sandbox: calling a Javascript that makes a call to a different site
-
28-09-2019 - |
Question
Edit: I mixed a.com and b.com in my original post, I'll try to rephrase stuff correctly:
- A HTML page is loaded from a.com
- The HTML embeds a Flash client from b.com
- HTML contains a Javascript function that makes a connection to a.com, ie the origin of the HTML, not the origin of Flash
- The Flash calls that Javascript function
Question: Do I need to have a crossdomain.xml in a.com?
Solution
Please provide more details and in the meantime take a look at flash parameter :
<param name="allowScriptAccess" value="sameDomain" />
"sameDomain" is the default value As said in http://kb2.adobe.com/cps/164/tn_16494.html
When AllowScriptAccess is "always", the SWF file can communicate with the HTML page in which it is embedded even when the SWF file is from a different domain than the HTML page.
OTHER TIPS
Cross - domain restrictions are enforced in Javascript by the browser (normally). Depending on what you need to do, however, there are a number of workarounds. Perhaps if you provided more details?
EDIT:
You will need to use
<param name="allowScriptAccess" value="always" />
Cross - domain SWFs cannot normally access a web page, unless you use this, due to trust issues.