Search code examples
flashactionscript-3lockingwhitelist

How to Site-Lock a Flash Application?

I have a flash application that I am going to put up on my website shortly. I want to be able to "lock it" to the site to prevent:

  • Hosting the .SWF on another site (after an illicit download), and
  • Preventing the .SWF from opening if included in an iFrame on another site

While allowing:

  • A whitelist of sites to be passed through/enabled without me having to define all the variations of a URL (ie: www.abc.com, abc.com, abc.com/game/, games.abc.com, etc.)

There are commercial applications that cost hundreds of dollars to perform this task, but I'm pretty sure it can be done with:

root.loaderInfo.url

Somehow. Does anyone out there know how to go about doing this? My biggest concern is the iFrame prevention, as when sites steal flash they usually just iframe to your own site to save themselves the bandwidth costs.

I'm using Flex SDK (not the Flash IDE) so some pure AS3 code will do the trick for me.

Solution

  • This code will report back the loading URL. You can use it in your main loader to show an unauthorized message or not load at all if it doesn't match what you expect:

    public static function Domain(root:Sprite):String {
    var currentDomain:String = root.loaderInfo.url.split("/")[2];
    var fqdn:Array = currentDomain.split(".");
    var rdi:int = 1;
    var tli:int = 2; 
    if (fqdn.length == 2) {
        rdi--;
        tli--;
    }

    return fqdn[rdi] + "." + fqdn[tli];
}