
Flash Security.AllowDomain()


I've got a Flash movie, loading data from an external URL. In fact, it's an RSS reader inside a banner.

Everything works perfectly when the Flash movie and data URL are on the same domain. However, if the Flash movie is on another domain, Flash security kicks in.

The manual says that I can allow a domain through Security.AllowDomain():

    // ActionScript 2: the method lives on System.security (case-sensitive)
    System.security.allowDomain("http://www.mydomain.abc/");
    xmlData = new XML();
    xmlData.ignoreWhite = true;
    xmlData.onLoad = loadXML;
    xmlData.load("http://www.mydomain.abc/content.php");

But when I embed the .swf in an HTML page, the data won't load. Any tips how to debug or solve this?


Solution

  • Fixed it. The Adobe Docs explain the method to create a file called crossdomain.xml in the root of mydomain.abc:

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
        <allow-access-from domain="www.domain-of-swf.com" />
    </cross-domain-policy>
    

    Don't use <allow-access-from domain="*" /> because that will allow any SWF on the internet to make calls to your domain on behalf of your users with all cookies attached to requests. This will leak private data unless your domain doesn't store such or doesn't use cookies/HTTP Authentication.
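
A way to review a crossdomain.xml before deploying it, as an added example that is not part of the original answer or of Adobe's documentation: it parses the policy, reports which SWF hosts it admits, and flags the wildcard entry the answer warns against. The function names and the second sample policy are constructed for illustration, and treating `*.suffix` as matching subdomains only is an assumption of this sketch.

```python
import xml.etree.ElementTree as ET

# Constructed samples: the answer's restrictive policy and a permissive one to audit.
STRICT = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
    <allow-access-from domain="www.domain-of-swf.com" />
</cross-domain-policy>"""
WILDCARD = """<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*" />
    <allow-access-from domain="*.partner.example" secure="false" />
</cross-domain-policy>"""


def allowed_domains(policy_xml):
    """Return (pattern, secure) for every allow-access-from entry."""
    root = ET.fromstring(policy_xml.strip())
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return [(e.get("domain", "").strip().lower(), e.get("secure", "true").lower() != "false")
            for e in root.iter("allow-access-from")]


def host_matches(pattern, host):
    """Match a SWF's host against one pattern: exact, '*', or '*.suffix'."""
    host = host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return host.endswith(pattern[1:])  # assumption: subdomains only, not the bare domain
    return host == pattern


def swf_may_read(policy_xml, swf_host):
    """True if a SWF served from swf_host is admitted by any entry."""
    return any(host_matches(p, swf_host) for p, _ in allowed_domains(policy_xml))


def audit(policy_xml):
    """List the entries a reviewer should question."""
    findings = []
    for pattern, secure in allowed_domains(policy_xml):
        if pattern == "*":
            findings.append("wildcard: any SWF may read responses sent with the user's cookies")
        elif "*" in pattern:
            findings.append("subdomain wildcard: " + pattern)
        if not secure:
            findings.append("secure=false on " + pattern + ": SWFs loaded over HTTP are admitted")
    return findings
```

`audit(STRICT)` returns an empty list, while `audit(WILDCARD)` returns three findings; for policy files fetched from hosts you do not control, parse with a hardened XML parser such as defusedxml instead.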