LocalConnection.allowDomain( ) Event Handler | Flash 6 |
callback to permit or deny a cross-domain connection attempt |
A string representing the sender's subdomain.
true if the connection is allowed, otherwise false.
The allowDomain( ) event is triggered on a receiving LocalConnection object whenever a message is received. The allowDomain( ) callback is expected to permit or deny the connection attempt by returning a value of true (permitted) or false (denied). When the sender and receiver are loaded from the same domain, including the same localhost, Flash automatically permits all connections, and allowDomain( ) should not be used. However, when the sender and receiver are loaded from separate domains, a connection is not allowed unless allowDomain( ) is implemented and returns true. When implemented, allowDomain( ) normally compares the value of its domain parameter with a list of trusted hosts. Note that LocalConnection.allowDomain( ) is a callback handler that returns whether to allow a connection. Unlike Security.settings.allowDomain( ), it is not a method to be configured once with the names of allowed subdomains.
The following receiver movie code creates a LocalConnection object that opens a connection named "channel1":
// Create a text field to display messages this.createTextField("output_txt", 1, 50, 100, 400, 100); output_txt.border = true; // Create the connection object receiveConn = new LocalConnection(); // Assign a method to be invoked remotely receiveConn.displayMsg = function (msg) { output_txt.text += msg + "\n"; } // Attempt to open a connection named "channel1". Store the result in a variable. connectSuccess = receiveConn.connect("channel1"); // Display whether the connection succeeded output_txt.text = "Receiver connection succeeded? " + connectSuccess + "\n";
Now suppose we post this receiver movie at http://www.graydient.com, and we want to allow messages from moock.org only (not even from graydient.com!). Here is the callback we assign to allowDomain( ):
// Handle incoming messages receiveConn.allowDomain = function (domain) { // If this handler is running, a new message arrived. // Show where the message is from. output_txt.text += "New message from: " + domain + "\n"; // Now the key decision: if the message is from moock.org... if (domain = = "moock.org") { // ...permit it return true; } else { // ...otherwise deny it return false; } }
If we want to allow messages from moock.org and the current receiving movie's subdomain (in this case graydient.com), we can use the domain( ) method, which returns a string indicating the movie's subdomain:
// Handle incoming messages receiveConn.allowDomain = function (domain) { // Show where the message is from output_txt.text += "New message from: " + domain + "\n"; // If the message is from moock.org or the receiver's domain... if (domain = = "moock.org" || domain = = this.domain()) { // ...permit it return true; } else { // ...otherwise deny it return false; } }
Or, more succinctly:
receiveConn.allowDomain = function (domain) { return domain = = "moock.org" || domain = = this.domain(); }
Our receiver work is done, but there's still a minor issue to contend with—the sender movie must identify the connection name correctly when sending messages. When it opened the connection, receiveConn set the connection name as "channel1", but in order to prevent connection name conflicts across domains, Flash automatically prefixes the connection name with the movie's subdomain and a colon. For example, when our receiver movie is posted at graydient.com, the actual connection name is not "channel1", but "graydient.com:channel1". Hence, when specifying the connection name in the sender, we must use:
sendConn = new LocalConnection(); // Add domain name of receiver to connection name sendConn.send("graydient.com:channel1", "displayMsg", "hello world");
If we know our receiver will receive messages only while posted at graydient.com, we're done. However, if we want to receive connections no matter where our receiver is posted, the plot gets a little thicker. For example, suppose we want to run a receiver both on the local filesystem (domain name "localhost") and on graydient.com. When we invoke the connect( ) method from a movie residing on graydient.com:
receiveConn.connect("channel1");
the final connection name becomes "graydient.com:channel1". But when we invoke the connect( ) method from a movie residing on the local filesystem, the final connection name becomes "localhost:channel1". Obviously, the sender cannot specify both connection names at once. The solution is to instruct Flash not to prefix the connection name with the domain name, by adding a leading underscore (_). For example:
receiveConn.connect("_channel1");
With no prefix domain, the sender can now address the connection directly as follows:
sendConn.send("_channel1", "displayMsg", "hello world");
Note, however, that names starting with an underscore will conflict across domains. For example, if a receiver at oreilly.com opens a connection named "_bookComm", and then moock.org opens a connection by the same name, the connection at moock.org will fail. Hence, use unique names when a leading underscore is specified (for example: "_org.moock.channel1").
LocalConnection.connect( ), LocalConnection.domain( ), LocalConnection.send( ), Security.settings.allowDomain( )