Information about cross-domain data access in FlAniS

Oct, 2009
updated: October, 2009

If you need to run FlAniS from one host machine but have it read data from another host (or from several), this is now possible -- securely!

The key is a check made by the Flash runtime. When FlAniS tries to read data from a host (server) other than the one from which the flanis.swf file was loaded, the runtime looks on that host for a special "crossdomain.xml" file. If it finds one, and the file contains a reference back to the host where FlAniS is run from, then it allows the data to be read.

So, you do need access to (or cooperation from) the host where the data resides. Without that, there is no way to read the data. Assuming that you do have that, here is what you need to do:

  1. Put your HTML and the flanis.swf file on one host.
  2. Change all your file references to be explicit -- for example: <PARAM NAME="FlashVars" value="configFilename="> and be sure to do this explicit naming for all your file references!
  3. On the host from which you are trying to read data, put a file named crossdomain.xml in the server root directory. This file should contain this text (or a more restricted version -- see below!):

     <?xml version="1.0"?>
     <!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
     <cross-domain-policy>
       <site-control permitted-cross-domain-policies="all"/>
       <allow-access-from domain="*" to-ports="*" />
       <allow-http-request-headers-from domain="*" headers="*"/>
     </cross-domain-policy>

  4. Just note that you may put the FlAniS "config" file, as well as things like the "file_of_filenames" on the "other" host.

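Flash provides many ways to restrict this access. With "*" as the value of the "domain" attribute, a Flash file served from any site is allowed to read data from this host, so it is worth narrowing. For example, you can explicitly name the domains to allow access from: instead of "*" as the value for the "domain" attribute, you might have: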

     <allow-access-from domain="" to-ports="*" />
     <allow-http-request-headers-from domain="" headers="*"/>
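
As an added example (not part of FlAniS or of the original page), this Python script audits a crossdomain.xml file for the wide-open settings used in the step 3 policy. Both policy strings are constructed samples, and viewer.example.org is a placeholder host name.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the wide-open policy from step 3.
PERMISSIVE = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="all"/>
  <allow-access-from domain="*" to-ports="*" />
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

# Constructed sample: restricted policy; viewer.example.org is a placeholder.
RESTRICTED = """<?xml version="1.0"?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="viewer.example.org"/>
</cross-domain-policy>"""

GRANTS = ("allow-access-from", "allow-http-request-headers-from")


def audit_policy(xml_text):
    """Return (element, attribute, value, reason) for each risky setting."""
    # The stdlib parser does not fetch the external DTD named in DOCTYPE.
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("root element is not <cross-domain-policy>")
    findings = []

    def flag(el, attr, reason):
        findings.append((el.tag, attr, el.get(attr), reason))

    for el in root.iter():
        if el.tag == "site-control":
            if el.get("permitted-cross-domain-policies") == "all":
                flag(el, "permitted-cross-domain-policies",
                     "any policy file anywhere on this host is honoured")
        elif el.tag in GRANTS:
            domain = el.get("domain", "")
            if domain == "*":
                flag(el, "domain", "every site may read data from this host")
            elif domain.startswith("*."):
                flag(el, "domain", "every subdomain is trusted")
            if el.get("headers") == "*":
                flag(el, "headers", "any request header may be sent")
            if el.get("secure") == "false":
                flag(el, "secure", "HTTP-served SWFs may read HTTPS data")
    return findings


if __name__ == "__main__":
    for name, text in (("permissive", PERMISSIVE), ("restricted", RESTRICTED)):
        print(name, audit_policy(text))
```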

Complete documentation about the form of this file and the tags and their attributes can be found here

You or your site administrators might also find this article of interest, as it deals with the issue of cross-domain scripting and cross-site request forgery.
