Flash security sandbox: calling a Javascript that makes a call to a different site

Question

Edit: I mixed a.com and b.com in my original post, I'll try to rephrase stuff correctly:

• A HTML page is loaded from a.com
• The HTML embeds a Flash client from b.com
• HTML contains a Javascript function that makes a connection to a.com, ie the origin of the HTML, not the origin of Flash
• The Flash calls that Javascript function

Question: Do I need to have a crossdomain.xml in a.com?

Answer 1

Please provide more details and in the meantime take a look at flash parameter :

<param name="allowScriptAccess" value="sameDomain" />

"sameDomain" is the default value As said in http://kb2.adobe.com/cps/164/tn_16494.html

When AllowScriptAccess is "always", the SWF file can communicate with the HTML page in which it is embedded even when the SWF file is from a different domain than the HTML page.

Answer 2

Cross - domain restrictions are enforced in Javascript by the browser (normally). Depending on what you need to do, however, there are a number of workarounds. Perhaps if you provided more details?

---

EDIT:

You will need to use

<param name="allowScriptAccess" value="always" />

Cross - domain SWFs cannot normally access a web page, unless you use this, due to trust issues.