So here I was, thinking that the Flash Player 9 security update (version 9.0.124) wasn’t going to affect me. A silly assumption, of course—I should have tested with the beta, regardless—but since I didn’t do anything fancy with sockets or web services, I thought I would be fine.
Ha!
I missed this section: “You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means”.
And when they say “any means,” that includes LoadVars.send(), which I am using, in a SWF that is hosted on a different subdomain than the page which contains it (petswf.bunnyherolabs.com vs bunnyherolabs.com).
Luckily, the fix was simple: I just had to add the parameter allowScriptAccess = "always" to the embed tag. Phew!
Next time I see one of these announcements, I promise I will test it, even if I don’t think it applies to me ;)
I tried your suggestion but couldn’t get it working. In my SWF I’m calling LoadVars but sending the request to another IP address (i.e., not where the original SWF came from).
What was your situation exactly?
Thanks!!
Hey Jason,
My SWF is a simple form, hosted on petswf.bunnyherolabs.com. When the user clicks on the submit button, the SWF does a LoadVars.send() to a URL on bunnyherolabs.com (different domain).
During troubleshooting, I also added crossdomain.xml files to both petswf… and bunnyherolabs.com. I didn’t remove them after I got it working, so I don’t know if it was necessary or not. Perhaps it is? Try adding a crossdomain.xml to the destination of the LoadVars.
And I just now found this article, which I wish I had read when I first encountered the problem! It shows you how to turn on “policy file logging” in the debug version of the Flash Player.