4 Replies Latest reply on Jan 2, 2007 9:27 AM by Smitchmor

    Clarification re: allowScriptAccess sameDomain

    Smitchmor
      I have an html file that resides on x.dev.mydomain.com. This loads a swf at y.dev.mydomain.com.

      The swf attempts to use ExternalInterface.call to call a javascript function on the html template.

      The html uses the following <param name="allowScriptAccess" value="sameDomain" />
      but I receive the following error message.

      Security sandbox violation:
      ExternalInterface caller
      http://y.dev.advance.net/my.swf
      cannot access http://x.dev.advance.net/my.html.

      When the html is modified to use the following,
      allowScriptAccess="always"
      the ExternalInterface call works.

      Can anyone confirm that this is expected behaviour, this appears to be more restrictive
      than I would have imagined. Also, what is the downside to using the 'always' attribute?

      Thanks.