In the preceding sections of the book, youve seen how to work with XML documents within Flash. While its easy to load, modify, and update XML documents within Flash, you need to be aware of some of the limitations of the XML class.
The XML class uses a request and response model of interaction. Flash requests the XML document and receives a response. If the XML document changes outside of Flash, Flash will have to request it again. Therefore, the XML class isnt useful for working with XML content that is constantly changing. It would be very inefficient for Flash to request new XML information continually.
If you need to work with real-time data, Flash provides the XMLSocket class. This class maintains a persistent connection with the server so data can be fed into a Flash movie. If you use this class, Flash doesnt need to request content or continually poll the server, checking for updates. Youll find out more about the XMLSocket class in Chapter 10.
Flash contains a nonvalidating XML parser so Flash cant check the contents of an XML document tree against a DTD or schema to check it is valid. This could cause problems when you want to update an external XML document. You dont have any way of checking that the XML is valid before you send it to a server-side page. You can get around this problem by adding validation to the server-side file that processes the updates.
For security reasons, Flash isnt able to update external XML documents. You can manipulate the document tree within Flash, but as soon as you want to save the changes, Flash will need a server-side page and a web server.
If updating XML content in Flash is going to be a regular part of your work, youll need to develop some skills in a server-side language like PHP, ColdFusion, or ASP.NET. An alternative is to work with a developer experienced in the area.
Later versions of the Flash player restrict you to loading XML documents that come from the same domain as the Flash movie. If you store your SWF file at http://www.mydomain.com, by default you can only load an XML document from http://www.mydomain.com. Flash Players 7 and above dont allow you to load data from subdomains like http://new.mydomain.com or https ://www.mydomain.com. You cant use an IP address that resolves to the same subdomain.
This restriction applies to all external data and affects the XML, LoadVars , and XMLSocket classes. It doesnt apply when youre working within Flash on your desktop machine. Rather, it comes into effect once you upload the movie to a web server.
If you need to include content from another domain or subdomain, you can create a cross-domain policy file. You can also proxy the data from another domain using a server-side file.
When Flash requests data from a different domain, first it looks for the cross-domain policy file on the external web server. If the file exists and lists the current domain, Flash loads the external data. If not, the data cannot be loaded into the SWF file.
A cross-domain policy file is an XML document named crossdomain.xml that resides on the server providing the data. The file can list specific domains that can access the data, or it can provide blanket access to all domains. Policy files only work with the HTTP, HTTPS, or FTP protocols.
Ive shown a sample crossdomain.xml file here. It contains a root element <cross-domain-policy> and a <allow-access-from> element. You can have more than one of these elements in your file to grant access to multiple domains.
<?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*.mydomain.com" /> </cross-domain-policy>
The file allows access from any subdomain in mydomain.com . I could also have listed a specific domain, http://www.mydomain.com, or an IP address. Using an asterisk grants access to all domains.
<?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>
You can allow access from http domains to secure domains, that is, those using HTTPS, by adding an attribute to the <allow-access-from> element:
<?xml version="1.0"?> <cross-domain-policy> <allow-access-from domain="www.mydomain.com" secure="false"/> </cross-domain-policy>
If you dont include this attribute, the default value is true .
You usually place the crossdomain.xml file in the web server root directory. If youre using Flash Player 7 and above, you can also reference a custom location using the System.security.loadPolicyFile method. If you do this, you must set the location before you request data from the other domain.
var PF:String = "http://www.mydomain.com/policies/crossdomain.xml"; System.security.loadPolicyFile(PF);
An alternative solution is to proxy the data using a server-side file.
Flash can load data from a server-side file in the same domain. You can use this type of file to request remote XML content and pass it to Flash. Macromedia provides code samples at www.macromedia.com/ cfusion/knowledgebase/index.cfm?id=tn_16520. You will also see an example of proxying information in Chapter 9, when we look at web services.