Paul Robertson's words, punctuated

Thoughts on development, user-centered design, code, etc. by Paul Robertson

Accessing local and remote resources in a locally running SWF

A few days ago I got a question about accessing local and remote resources from a SWF running locally:

I have a question. You say that in your presentation “[When they’re running locally,] SWF files are set to load local files only or remote files only – if you want to load the other type, it won’t work and you’ll get an error message. There are several workarounds, …” Can you share the work around for this problem? I used the executable file (instead of swf) but it even gave errors when I had local and remote files to load. The browser should be always open when the file is running. Is there a way to make it run?

(Incidentally, the question was from one of my former classmates from the Indiana University Instructional Systems Technology program.)

The workarounds depend a little bit on what you’re trying to accomplish.

If you want your locally-running SWF to load remote files only, the easiest solution is to change the publish settings for the movie. Under File > Publish Settings, in the Flash Tab, in the “Local playback security” field (the last field) choose “Access network only”.

However, it sounds like you want your SWF to be able to load remote files and local files, which makes things more complicated. What you’ll need to do is to designate the file or a location on the user’s hard drive as a “trusted” file/location. When files are trusted, Flash Player will let you access both local and remote content. There are three approaches to making this work:

  1. Designate the SWF as “trusted” in the Flash Player settings.
    This only works if it’s running in a browser – it sounds like you converted your SWF into an executable, so I don’t think this one will work in that situation.

    This approach is outlined here:
    LiveDocs “Specifying trusted files using the Settings Manager”

  2. Designate the folder containing the SWF (or some higher-up folder) as “trusted” in the Flash Player settings.
    This is the same as the previous approach, except that you designate an entire folder as trusted, so you could use one SWF to designate a folder as trusted, and put another SWF in there and it will automatically be trusted too.

    This approach is also outlined at:
    LiveDocs “Specifying trusted files using the Settings Manager”

  3. Designate the folder containing the SWF (or some higher-up folder) as “trusted” in the local configuration file.
    This achieves the same end result as 2) (an entire folder, and all its contents, are “trusted”). The difference is that this approach involves creating or modifying a configuration file on the user’s computer, so it can be done without needing to access the Internet at all.

    This approach is described here:
    LiveDocs “Creating configuration files for Flash development”

Interestingly, if you are in fact creating an executable containing your SWF and the Flash Player, you shouldn’t have any problems at all, according to this document (LiveDocs “About local file security and projector files”). It says that executables are automatically “trusted” since the user explicitly chooses to run them, so they should be able to access local and remote files. I made a simple test which seemed to confirm this:

  1. Open a new FLA and add a button (instance name myButton) and a dynamic text field (instance name myTextField) to the stage.
  2. Enter this code, attached to a keyframe on frame 1 of the main timeline:
    var myLoadVars:LoadVars = new LoadVars();
    myLoadVars.onLoad = function(success:Boolean)
         myTextField.text = "myLoadVars.value1 = " + myLoadVars.value1 + "\n";
    myButton.onRelease = function()
  3. Save the FLA to your hard drive (I just put mine on the desktop)
  4. In the folder where you saved your FLA, create a new text file named “LocalSecurityTest.txt”, and enter this text in the text file (then save and close): value1=Hello+There!
  5. Under File > Publish Settings, check the “Windows Projector” checkbox, and click Publish.
  6. Double-click the executable and click the button. This text should appear in the text field: “myLoadVars.value1 = Hello There!” then it should open a browser window to “”. (Loading the text file data is a “local” operation; loading a url in a browser is a “network” operation).
  7. If you publish an HTML/SWF version, open the html page and click the button; the text file data will load then you’ll see a security warning about accessing network content. (Alternatively, if you publish the SWF as network only, the text file data won’t load so you’ll see “myLoadVars.value1 = undefined” in the text field and the browser will navigate to