DekGenius.com
[ Team LiB ] Previous Section Next Section

Recipe 17.4 Accepting Communications from Other Domains

17.4.1 Problem

You want a movie to accept local connection communications from movies served from other domains.

17.4.2 Solution

Use the allowDomain( ) method of the receiving local connection object.

17.4.3 Discussion

By default, receiving movies accept communications from sending movies on the same domain only. However, you can use the allowDomain( ) method of a local connection object to allow or disallow communications from any domains. You need to define the allowDomain( ) method for each receiving local connection object for which you wish to define a custom list of domains to accept or deny.

If present, the allowDomain( ) method is automatically invoked when a local connection object receives a communication. If allowDomain( ) returns true, the communication is accepted; if it returns false, the communication is denied. Therefore, you can configure a local connection object to receive communications from any domain by having its allowDomain( ) method return true in all cases:

// Define the receiving local connection, and instruct it to listen to communications
// over the "_myConnection" channel.
receiving_lc = new LocalConnection(  );
receiving_lc.connect("_myConnection");

// Define the allowDomain(  ) method for the receiving local connection object, which
// is invoked automatically whenever a communication is received. This example always
// returns true, so all communications are accepted.
receiving_lc.allowDomain = function (domain) {
  return true;
};

However, it is generally not a good practice to allow communications from all domains, because doing so allows any other movie to invoke an arbitrary method on your movie. It is better to specify trusted domains from which to accept connections. The domain of the sending movie is passed to the allowDomain( ) method as a parameter, and you can use this to determine whether the sending domain should be trusted. For example:

receiving_lc.allowDomain = function (domain) {
  // If the domain of the sending movie is person13.com, allow the communication.
  // Otherwise, disallow it.
  if (domain == "person13.com") {
    return true;
  } else {
    return false;
  }
};

Local connection objects also provide a convenient means of determining the domain of the receiving movie. The domain( ) method can be invoked from any local connection object to reveal the domain from which the movie is being served. You can use this method within the allowDomain( ) method to allow communications from the same domain. For example:

receiving_lc.allowDomain = function (domain) {
  // If the domain of the sending movie is the same as that of the receiving movie,
  // allow the communication. Otherwise, disallow it.
  if (domain == this.domain(  )) {
    return true;
  } else {
    return false;
  }
};

The preceding example accomplishes exactly the same thing as though you had not defined the allowDomain( ) method at all—it allows communications from the same domain only. Normally, therefore, you use domain( ) to allow communications from the same domain as well as communications from other domains:

receiving_lc.allowDomain = function (domain) {
  // If the domain of the sending movie is person13.com or the same domain as the
  // receiving movie, allow the communication. Otherwise, disallow it.
  if ( (domain == "person13.com") || (domain == this.domain(  )) ) {
    return true;
  } else {
    return false;
  }
};

17.4.4 See Also

Recipe 15.2 and Recipe 15.6

    [ Team LiB ] Previous Section Next Section