Recipe 18.4. Accepting Local Communications from Other Domains


Problem

You want a movie to accept local connection communications from movies served from other domains.

Solution

Use the allowDomain( ) method of the receiving local connection object.

Discussion

By default, receiving movies accept communications from sending movies on the same domain only. However, you can use the allowDomain( ) method of a local connection object to allow or disallow communications from any domain. You need to call the allowDomain( ) method for each receiving local connection object for which you wish to define a custom list of domains to accept or deny.

The behavior of allowDomain( ) has changed from previous versions of ActionScript. Previously, the method acted as a callback: it was invoked automatically when a local connection object received a communication, and its return value determined whether the communication was accepted or denied.

In ActionScript 3.0, the allowDomain( ) method needs to be explicitly called on a LocalConnection instance. The method takes one or more strings specifying the domains that are allowed to send messages to the local connection instance on which allowDomain( ) is called. In this example, we specifically allow movies from darronschall.com to send messages to the current movie.

import flash.net.LocalConnection;

var receiver:LocalConnection = new LocalConnection(  );
receiver.connect( "_exampleChannel" );
// Allow movies from darronschall.com to send data over
// "_exampleChannel" to execute code within this movie.
receiver.allowDomain( "darronschall.com" );

To allow more than one domain to be able to send data to a movie, pass additional parameters to the allowDomain( ) method with one string for each domain to allow:

receiver.allowDomain( "macromedia.com", "adobe.com", "google.com" );

There are two special domain strings that can be used in allowDomain( ). To allow any domain, use * as the domain string. It is generally not a good practice to allow communications from all domains, because doing so allows any other movie to invoke an arbitrary method on your movie. It is better to specify trusted domains from which to accept connections. To allow any locally instantiated movie to send data, use localhost as the domain string.

Local connection objects also provide a convenient means of determining the domain of the receiving movie. The domain property can be accessed from any local connection instance to reveal the domain from which the movie is being served. It is a read-only property, meaning you can only inspect it. Trying to set domain results in a compiler error. You can pass the domain to the allowDomain( ) method to allow communications from the same domain; for example:

receiver.allowDomain( receiver.domain );

The preceding example accomplishes exactly the same thing as though you had not called the allowDomain( ) method at all; it allows communications from the same domain only. Normally, therefore, you use the allowDomain( ) method and domain property to allow communications from the same domain as well as communications from other domains:

receiver.allowDomain( "darronschall.com", receiver.domain );

The preceding code allows local connection messages to be sent from darronschall.com, and also from the same domain that the movie is served from.

Similar to the allowDomain( ) method is the allowInsecureDomain( ) method. For the most part, the methods are the same. The difference lies in the use of HTTPS. When a movie is served over HTTPS, the local connection instances inside won't accept data and communication from movies that are delivered via HTTP. Unless the Flash Player is instructed otherwise via allowInsecureDomain( ), by default communication from an HTTP movie to an HTTPS movie is denied, even if the movies are served from the same domain.

It is generally not good practice to use allowInsecureDomain( ) because it can compromise the security benefits offered by HTTPS. You can't trust the integrity of local connection communication received from movies delivered over HTTP, as it may be possible for the movie to be altered during delivery. Nevertheless, if you must use allowInsecureDomain( ), call it just like you would allowDomain( ).

receiver.allowInsecureDomain( "adobe.com" );
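
The following receiver is an added example, not code from the book. It combines the recommendations above: named domains instead of the wildcard, no allowInsecureDomain( ), and a dedicated client object so that allowed senders can reach only the methods you intend. The ExampleReceiver and ReceiverApi classes, the setStatus( ) method, and the 200-character limit are hypothetical names and values chosen for illustration.

```actionscript
package {
    import flash.display.Sprite;
    import flash.events.AsyncErrorEvent;
    import flash.net.LocalConnection;

    // Hypothetical document class for the receiving movie.
    public class ExampleReceiver extends Sprite {
        private var receiver:LocalConnection;

        public function ExampleReceiver() {
            receiver = new LocalConnection();
            // Incoming calls are invoked on the client object, so point it at a
            // small dedicated object rather than exposing the movie's own methods.
            receiver.client = new ReceiverApi();
            // Named domains plus our own; no wildcard and no allowInsecureDomain().
            receiver.allowDomain("darronschall.com", receiver.domain);
            // Log incoming calls that could not be invoked on the client object.
            receiver.addEventListener(AsyncErrorEvent.ASYNC_ERROR, onAsyncError);
            try {
                receiver.connect("_exampleChannel");
            } catch (error:ArgumentError) {
                // connect() throws if the channel name is already in use.
                trace("Could not open _exampleChannel: " + error.message);
            }
        }

        private function onAsyncError(event:AsyncErrorEvent):void {
            trace("Failed local connection call: " + event.text);
        }
    }
}

// Hypothetical API surface: the only methods a sending movie can reach.
class ReceiverApi {
    private static const MAX_LENGTH:int = 200; // constructed limit

    public function setStatus(text:String):void {
        // Treat the argument as untrusted even from an allowed domain.
        if (text == null || text.length > MAX_LENGTH) {
            trace("Ignored setStatus call with invalid argument");
            return;
        }
        trace("Status from sender: " + text);
    }
}
```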

See Also

Recipe 3.12




ActionScript 3.0 Cookbook: Solutions for Flash Platform and Flex Application Developers
ISBN: 0596526954
Year: 2007
Pages: 351