Understanding security domains and http vs https

Report · Mar 08, 2012

I recently ran into an issue where my application swf would no longer load its modules. All were hosted in a single bucket on amazon's s3 service.

It turned out that the issue was that the application was being loaded at https, while the modules are being loaded at http, causing the security domain error.

I think I have two options.

1) Is it possible to set the security permissions in a way that a swf loaded at https can load a module at http? If so, how?

2) Is it possible for the application swf to know whether it was just loaded over ssl or not, without invoking javascript or passing a flashvar from the page?

Thanks!

Aaron

Report · Mar 09, 2012

As per option #1, neither Security.allowDomain nor Security.allowInsecureDomain worked, though it seems like it should have.

I ended up using option two, using Application.application.url in the main document. That gave me the swf's url, which I could then use to create a static variable that avoids the conflicting secure and non-secure loading problems.

I hope this helps someone else.

Adobe Community

Understanding security domains and http vs https