Macromedia Flash movie fails to load data in Flash Player 7
Issue
When playing back a Macromedia Flash movie that calls data that violates the Macromedia Flash Player Security Sandbox in Flash Player 7, an Insecure Operation dialog box appears over the Flash movie that looks like the following:
Note: This dialog box will not appear if the movie is smaller than 215 x 138 pixels, or is viewed in an older browser such as NN 4.x or IE.5.0 (Mac OS 9).
Reason
Flash Player 7 has increased security features that may affect existing content. These security features affect data loading operations, such as the use of loadVariables, LoadVars.load, XML.load, Flash Remoting and XML sockets.
There are three mechanisms that can cause this behavior.
- The movie attempts to load data from another sub-domain, even if the sub-domain is in the same top-level domain. For example a movie located at http://www.macromedia.com requests data fromhttp://foobar.macromedia.com.
- The movie attempts to load data from the same domain, but either the movie or the data request has omitted the "www" token from the URL. For example a movie located athttp://www.macromedia.com requests data fromhttp://macromedia.com.
- The movie is hosted via HTTP and attempts to load data located at a URL that specifies HTTPS protocol. For example a movie located at http://www.macromedia.com requests data fromhttps://www.macromedia.com.
Solution
- If the movie in question is requesting data from a URL that omits the leading "www" token of the URL (see example 2 above), the movie can be modified so that all requests to URLs match the one with which the movie was accessed. Alternatively, URLs in the movie can be modified to be relative instead of absolute.
- If the movie requests a data source that is on a different sub-domain, the data source can be moved to the same domain as the movie, and URLs in the movie are updated to the new location.
- A cross-domain policy file can be deployed on the server you wish to access with the movie. Policy files are a new Flash Player 7 feature that allow a site administrator to set rules regarding data access. They are simple XML files used to permit data access from Flash movies based on domain of origin.
They can also be used to grant HTTP access to HTTPS data, although this practice is not encouraged.
For detailed instructions on how to create a policy file, please see External data not accessible outside a Flash movie's domain (TN 14213).
Note: This is usually the most desirable solution, as it does not require the Flash movie to be changed in any way, and functionality can be restored with an external text file.
Additional information
In the Flash Player's Settings UI, or the Settings Manager movie on macromedia.com, there is an option to allow a Flash Player user to control the data loading for all SWF files. In these cases, the end user has encountered the data loading dialog and made a choice to allow or deny the operation, while checking the checkbox to remember this decision for all Flash movies viewed thereafter.
In these situations, the end user will no longer see a dialog, so it is possible that a data loading error may occur without notification, and the problem may be more difficult to diagnose. Deploying a policy file for this circumstance may be the ideal solution.
To change your own Flash Player global settings, use the Settings Manager movie.
This content requires Flash
To view this content, JavaScript must be enabled, and you need the latest version of the Adobe Flash Player.
Download the free Flash Player now!
