1 Reply Latest reply on May 5, 2011 10:49 PM by Flex harUI

    Cross Domain Scripting when allowDomain() not accessible




      We have an issue we are trying to work around, it really comes down to CrossDomain scripting from Flash to Javascript using EIC calls, where the SWF is loaded into a different domain.


      Our scenario is this:

      We use Business Objects to build reports in Xcelsius - because of this, we dont have access to set the Security.allowDomain() (at least we have not found a way).  The business objects server is access via hostA.subdomainX.domainY.com (This is actually a server on a different domain, but we have created a CNAME for hostA.subdomainX.domainY.com which points points to the real "hidden" domain).


      We are trying to pull these SWF's into HTML that lives within a portal (Liferay) on a different host, but same domain and subdomain -> hostB.subdomainX.domainY.com.  These HTML pages interact with those SWF's through EIC and everything works great if I physically deploy them with the HTML files on hostB.subdomainX.domainY.com, as soon as we try to pull them from hostA.subdomainX.domainY.com, the EIC interaction fails silently producing no errors.


      We have read through this article several times over:

      http://help.adobe.com/en_US/FlashPlatform/reference/actionscript/3/flash/system/Security.h tml#allowDomain%28%29


      And we are focusing on the line that reads:


      allowDomain() needed: Yes, if domains don't match exactly (For flashplayer 8 or newer)


      Does this refer to the actual URL visible to the browser?  In our situation the domains do match, the subdomains match, but the hosts do not, is that still against policy?