The SoundLoaderContext class provides security checks for files that load
sound. SoundLoaderContext objects are passed as an argument to the
constructor and the
load() method of the Sound class.
When you use this class, consider the following security model:
- Loading and playing a sound is not allowed if the calling file is in a network sandbox and the sound file to be loaded is local.
- By default, loading and playing a sound is not allowed if the calling is local and tries to load and play a remote sound. A user must grant explicit permission to allow this.
- Certain operations dealing with sound are restricted. The data in a
loaded sound cannot be accessed by a file in a different domain unless you
implement a URL policy file. Sound-related APIs that fall under this
restriction are the
Sound.id3property and the
However, in Adobe AIR, content in the
sandbox(content installed with the AIR application) are not restricted by
these security limitations.
For more information related to security, see the Flash Player Developer Center Topic: Security.
new (bufferTime:Float = 1000, checkPolicyFile:Bool = false)
Creates a new sound loader context object.
The number of seconds to preload a streaming sound into a buffer before the sound starts to stream.
Specifies whether the existence of a URL policy file should be checked upon loading the object
The number of milliseconds to preload a streaming sound into a buffer before the sound starts to stream.
Note that you cannot override the value of
SoundLoaderContext.bufferTime by setting the global
SoundMixer.bufferTime property. The
SoundMixer.bufferTime property affects the buffer time for
embedded streaming sounds in a SWF file and is independent of dynamically
created Sound objects(that is, Sound objects created in
Specifies whether the application should try to download a URL policy
file from the loaded sound's server before beginning to load the
sound. This property applies to sound that is loaded from outside the
calling file's own domain using the
Set this property to
true when you load a sound from outside the
calling file's own domain and code in the calling file needs low-level
access to the sound's data. Examples of low-level access to a sound's
data include referencing the
Sound.id3 property to get an ID3Info
object or calling the
SoundMixer.computeSpectrum() method to get
sound samples from the loaded sound. If you try to access sound data
without setting the
checkPolicyFile property to
true at loading
time, you may get a SecurityError exception because the required
policy file has not been downloaded.
If you don't need low-level access to the sound data that you are
loading, avoid setting
true. Checking for a
policy file consumes network bandwidth and might delay the start of
your download, so it should only be done when necessary.
When you call
true, Flash Player or AIR must either successfully download a
relevant URL policy file or determine that no such policy file exists
before it begins downloading the specified sound. Flash Player or AIR
performs the following actions, in this order, to verify the existence
of a policy file:
- Flash Player or AIR considers policy files that have already been downloaded.
- Flash Player or AIR tries to download any pending policy files
specified in calls to
- Flash Player or AIR tries to download a policy file from the default
location that corresponds to the sound's URL, which is
/crossdomain.xmlon the same server as
URLRequest.url. (The sound's URL is specified in the
urlproperty of the URLRequest object passed to
Sound.load()or the Sound() constructor function.)
In all cases, Flash Player or AIR requires that an appropriate policy
file exist on the sound's server, that it provide access to the sound
URLRequest.url by virtue of the policy file's location, and
that it allow the domain of the calling file to access the sound,
through one or more
If you set
true, Flash Player or AIR waits
until the policy file is verified before loading the sound. You should
wait to perform any low-level operations on the sound data, such as
complete events are dispatched from the Sound object.
If you set
true but no appropriate policy file
is found, you will not receive an error until you perform an operation
that requires a policy file, and then Flash Player or AIR throws a
SecurityError exception. After you receive a
complete event, you
can test whether a relevant policy file was found by getting the value
Sound.id3 within a
try block and seeing if a
Be careful with
checkPolicyFile if you are downloading sound from a
URL that uses server-side HTTP redirects. Flash Player or AIR tries to
retrieve policy files that correspond to the
url property of the
URLRequest object passed to
Sound.load(). If the final sound file
comes from a different URL because of HTTP redirects, then the
initially downloaded policy files might not be applicable to the
sound's final URL, which is the URL that matters in security
If you find yourself in this situation, here is one possible solution.
After you receive a
complete event, you can examine
the value of the
Sound.url property, which contains the sound's
final URL. Then call the
Security.loadPolicyFile() method with a
policy file URL that you calculate based on the sound's final URL.
Finally, poll the value of
Sound.id3 until no exception is thrown.
This does not apply to content in the AIR application sandbox. Content in the application sandbox always has programatic access to sound content, regardless of its origin.
For more information related to security, see the Flash Player Developer Center Topic: <a href="http://www.adobe.com/go/devnet_security_en" scope="external">Security.