I have two SWF files. One (quiz.swf) will live and be run on a CDROM. The other (shim.swf) will live on my server. I want quiz.swf to "loadMovie" shim.swf when the user completes the quiz so that I can pass the results through a script on the server and email the results.

In essence, I'm trying to do the "Shim" method described by this page: http://www.macromedia.com/cfusion/knowledgebase/index.cfm?id=tn_16520

If I post both SWFs on the server, it works fine. However, if I move quiz.swf to my workstation (which is a requirement of the final product), I get an error indicating roughly "quiz.swf is trying to access the internet. Naughty quiz.swf."

I've set System.security.allowDomain() in quiz.swf, but that doesn't work.

Is this possible? If so, how do I bypass this security feature?

-Rick

A little more information:
I've posted the two scripts on two different domains, and set the System.security.allowDomain() in each to the other (clear?). That works.

The question is, what can I set the System.security.allowDomain() to on shim.swf (which lives on a server) in order to have it work from a CD-based quiz.swf?

-Rick

However, if I move quiz.swf to my workstation (which is a requirement of the final product), I get an error indicating roughly "quiz.swf is trying to access the internet. Naughty quiz.swf."

This sounds like a message you would get from ZoneAlarm/Windows Firewall/etc, not from Flash.

I've deployed projector files before that pull stuff down off a bunch of web sites and have never seen that error and have never had to do anything to cater to this.

Post a screenshot of the error message ("quiz.swf is trying to access the internet. Naughty quiz.swf.") for further assistance!

I don't know how to insert a picture directly into the post, so I put it here:
http://www.hhp.ufl.edu/temp/flash.error.jpg

For those that don't wish to look at the picture, the error is titled "Macromedia Flash Player Security".

Upon further review I see I've left out one other piece of information.

Everything works if I run directly in the Flash Player, but not if I run in a browser plugin. Having the end user run directly in the player probably isn't an option.

Ah, so it works in the standalone flash player, but not if you open the swf in a browser. Interesting. Haven't tried that before...

Are you using Flash 8?

Rossman: That's it, on the nose.

deadbeat: No, Flash MX 2004.

Yeah... It looks like one of those new F8 security stuff where you cannot access the local file system and web at the same time sort of deal to me...

Maybe use the IP address instead of the localhost???

It's not Flash 8 - it's MX 2004. That said, can you point me to some docs on the 'new F8 security stuff' - maybe it'll shed some light on the problem...

Using IP won't really work since this is going to be a CD-ROM based project.

In detail:
This is basically a textbook on CD. There are end of chapter review questions (in Flash). We want the student/user to have the option of sending an email with their review results to their instructor. We do not want to make Internet access a requirement for the review questions - only for the email option.

Thanks,

-Rick

So wait, hang on here a sec. If you are deploying as a CD-ROM presentation, why not just compile your FLA to an EXE - it won't have the same restrictions as just running the SWF in a browser...

I'm pretty new to Flash, so the projector idea had not occured to me. It works, but presents some additional problems...

The bulk of the content is in HTML - only the review questions are in Flash. Is there an established technique for launching an EXE from a CD based webpage?

-Rick

Presumably just a hyperlink to the .exe file would do it, but their browser will warn them about running "potentially unsafe content" no doubt.

I've set System.security.allowDomain() in quiz.swf, but that doesn't work.You do know you have to do that in BOTH files, right? Shim and quiz.

Flash: Well, that was my original question... what is the appropriate value to set in the shim, assuming that the quiz is going to originate from an end user PC?

Upon further analysis, it's not getting that far anyway - the call is being blocked by the player before it goes out across the internet.

Rossman: If you just hyperlink an .exe it brings up a Save dialogue when clicked. So far, I have not found a good answer to this problem while searching the web...

-Rick

Flash help says:

Occasionally, you might encounter the following situation: You load a child SWF file from a different domain and want to allow the child SWF file to script the parent SWF file, but you don’t know the final domain from which the child SWF file will come. This can happen, for example, when you use load-balancing redirects or third-party servers.

In this situation, you can use the MovieClip._url property as an argument to this method. For example, if you load a SWF file into my_mc, you can call System.security.allowDomain(my_mc._url).

If you do this, be sure to wait until the SWF file in my_mc is loaded, because the _url property does not have its final, correct value until the file is completely loaded. The best way to determine when a child SWF finishes loading is to use MovieClipLoader.onLoadComplete.

The opposite situation can also occur; that is, you might create a child SWF file that wants to allow its parent to script it, but doesn’t know what the domain of its parent will be. In this situation, call System.security.allowDomain(_parent._url) from the child SWF. In this situation, you don’t have to wait for the parent SWF file to load; the parent will already be loaded by the time the child loads.



This doesn't work for you?

Flash: Well, that was my original question... what is the appropriate value to set in the shim, assuming that the quiz is going to originate from an end user PC? I didn't exactly follow the entire thread, but if the appication is running from a user PC locally, i don't think there are cross domain issues. At least i never get any when I test stuff that needs server side assistants.

Flash help says:
This doesn't work for you?

Nope.

I've created a simple, stripped down pair of movies to demonstrate the problem.

Download http://www.hhp.ufl.edu/temp/local.test.swf to your workstation.

Note that it works on the web. It will work if you run it in the standalone player. It will give the error if you run it in the browser plugin.

It uses loadMovie() to load http://www.hhp.ufl.edu/temp/shim.swf.
System.security.allowDomain(_parent._url); is set in shim.swf and System.security.allowDomain("www.hhp.ufl.edu") is set in local.test.swf.

FLA sources here:
http://www.hhp.ufl.edu/temp/local.test.fla
http://www.hhp.ufl.edu/temp/shim.fla

I didn't exactly follow the entire thread, but if the appication is running from a user PC locally, i don't think there are cross domain issues. At least i never get any when I test stuff that needs server side assistants.

Perhaps you could review my code in the previous post and let me know where I've gone wrong... it may not be a 'cross domain' issue in the usual sense, but it's definitely not working, and seems related to the local PC <-> internet boundary.

I've only been working in Flash for about 2 weeks, so I'm really quite puzzled right now.

Thanks,

-Rick

shim:
System.security.allowDomain("yoursite.com");//write out your site not _url
onYour site:
System.security.allowDomain("hhp.ufl.edu", "ufl.edu", "www.hhp.ufl.edu");
//------
loadMovieNum("http://www.hhp.ufl.edu/shim.swf", 1);