jump to navigation

Security error accessing Flash content from other domain July 30, 2010

Posted by Tournas Dimitrios in Actionscript.

By default the Flash Player allows your site to retrieve data from your domain only. However, when developing with Flash tools, you’ll notice that you can point to and pull in data from anywhere. This is because the Flash software grants you special permission for testing purposes. When you put your site on a server “localhost” or “www.anydomain.com”, the Flash Player places a security sandbox around it and displays this error when you reach outside of it.

So for example if your Flash site is uploaded to “www.tournasdimitrios1.wordpress.com “and it makes a call to http://www.google.com/maps.php then an error is thrown because “www.tournasdimitrios1.wordpress.com” and http://www.google.com are two different domains. If maps.php was on http://www.tournasdimitrios1.wordpress.com in the same directory as your Flash site then because both resources are on the same domain, you are allowed access to the resources there.

The following URL’s, “http://www.somedomain.com” and “http://somedomain.com” are two different domains according to the Flash Player. This includes subdomains. You may want to redirect calls from, “yourdomain.com” to “www.yourdomain.com” or vice versa. Your domain may have an option like this:

How do you like the www in your URL?
– Both http://www.domain.com/ and http://domain.com/ work.
– Add “www.” if somebody goes to http://domain.com/
– Remove “www.” if somebody goes to http://www.domain.com/</em&gt;


  •  Add a cross domain policy file on the domain you are calling. Your swf can access resources on other domains if the other domain grants your permission. They do this through a cross-domain file. This is a simple xml file on the other domain (yes, they have to set it up) that says what domains can access what content. Some sites already have cross-domain policy files setup. Here is an example. More info here >>>-
  • Using a proxy page. You place the proxy page on your site and then you call it. It then gets the remote sites page and passes that back to your page on your server. There are numerous examples online. Here is an article from my blog >>>
  • Grant the swf permission to access remote sites via the Flash Player Global Security Settings. You can change the security sandbox setting on a file or folder manually. This is useful if you are testing a SWF locally and want to grant it permission to pull data from a remote domain. To do this, open the SWF in the browser. Right click on the SWF and choose settings. In the Security tab (default) choose Advanced. This will take you to a site that displays the Flash Player’s settings. On the left column choose Global Settings and then add the file or folder of the swf you are testing. Typically this will be something like, “c:/projects/flex/bin-debug/”, “users/judah/documents/flex/bin-debug/” or “http://localhost/&#8221;. From now on your swf can access data on sites it’s not hosted on but remember this solution only grants that specific directory or file on your computer access to remote sites. This change doesn’t affect anyone other computer than your own. You will still need to employ another solution listed here.


No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s