« Edwin's Flash MathML Reader | Main | End of the Year Gifts »

Conclusion of the Flash 7 Cross-Domain Policy Saga?

When Macromedia released version 7 of its Flash player, many developers were justifiably upset with the sudden change in the security of the sandbox. It's not that we didn't want things tightened up...in fact many of us embraced the increased security. The problem was that the changes broke our existing applications and we were left without a method to repair them.

If your application served through a port other than port 80, you were out of luck. Yes, there was the cross-domain policy file you could upload to your server. However, if your application served data through..say port 8080...the player would not find it. The player would only look on port 80.

Now, at last, there is a solution. Macromedia has added to the ActionScript API: System.security.loadPolicyFile(); With this, you can tell the player, from within your application, where to look for the policy file ("crossdomain.xml").

There are two drawbacks to this, however:

  1. Code must be added to the source file of the application, and a new swf must be compiled and uploaded to the server.

  2. The solution works only for the Flash Player version 7,0,19,0, and later. All earlier subversions of the Flash Player 7, will still pop up a security warning message to end users.

For more information, including how to resolve the policy file issue for XMLSocket servers, see Deneb Meketa's article on the Macromedia website.

Macromedia Flash Player Download Center

File size:476 K
Download Time Estimate:1 minute @ 56K modem
Browser:Internet Explorer and AOL
Date Posted:12/16/2003


So this actually worked for the Periodic Table?

Yep. I'm very happy that it did. But it's only resolved for folks with the newest version of the player. The security warning still pops up for earlier versions of the Flash 7 player.

Not the optimal solution, but progress. :-)

Good to hear it worked out for you (at least to a solution that will work for the latest and the last last version of flash)

Thanks, Graeme. It was very frustrating to have a broken app that I couldn't fix. What had me most worried was the possible future of using Flash as the client for remote webMathematica applications...but that doesn't seem to be a problem anymore :-)