The SoundLoaderContext class provides security checks for files that load
sound. SoundLoaderContext objects are passed as an argument to the
constructor and the load() method of the Sound class.
When you use this class, consider the following security model:
- Loading and playing a sound is not allowed if the calling file is in a network sandbox and the sound file to be loaded is local.
- By default, loading and playing a sound is not allowed if the calling is local and tries to load and play a remote sound. A user must grant explicit permission to allow this.
- Certain operations dealing with sound are restricted. The data in a
loaded sound cannot be accessed by a file in a different domain unless you
implement a URL policy file. Sound-related APIs that fall under this
restriction are the
Sound.id3property and theSoundMixer.computeSpectrum(),SoundMixer.bufferTime, andSoundTransform()methods.
However, in Adobe AIR, content in the application security
sandbox(content installed with the AIR application) are not restricted by
these security limitations.
For more information related to security, see the Flash Player Developer Center Topic: Security.
Constructor
new(bufferTime:Float = 1000, checkPolicyFile:Bool = false)
Creates a new sound loader context object.
Parameters:
bufferTime | The number of seconds to preload a streaming sound into a buffer before the sound starts to stream. |
|---|---|
checkPolicyFile | Specifies whether the existence of a URL policy file should be checked upon loading the object |
Variables
bufferTime:Float
The number of milliseconds to preload a streaming sound into a buffer before the sound starts to stream.
Note that you cannot override the value of
SoundLoaderContext.bufferTime by setting the global
SoundMixer.bufferTime property. The
SoundMixer.bufferTime property affects the buffer time for
embedded streaming sounds in a SWF file and is independent of dynamically
created Sound objects (that is, Sound objects created in
Haxe code).
checkPolicyFile:Bool
Specifies whether the application should try to download a URL policy
file from the loaded sound's server before beginning to load the
sound. This property applies to sound that is loaded from outside the
calling file's own domain using the Sound.load() method.
Set this property to true when you load a sound from outside the
calling file's own domain and code in the calling file needs low-level
access to the sound's data. Examples of low-level access to a sound's
data include referencing the Sound.id3 property to get an ID3Info
object or calling the SoundMixer.computeSpectrum() method to get
sound samples from the loaded sound. If you try to access sound data
without setting the checkPolicyFile property to true at loading
time, you may get a SecurityError exception because the required
policy file has not been downloaded.
If you don't need low-level access to the sound data that you are
loading, avoid setting checkPolicyFile to true. Checking for a
policy file consumes network bandwidth and might delay the start of
your download, so it should only be done when necessary.
When you call Sound.load() with SoundLoaderContext.checkPolicyFile
set to true, Flash Player or AIR must either successfully download a
relevant URL policy file or determine that no such policy file exists
before it begins downloading the specified sound. Flash Player or AIR
performs the following actions, in this order, to verify the existence
of a policy file:
- Flash Player or AIR considers policy files that have already been downloaded.
- Flash Player or AIR tries to download any pending policy files
specified in calls to
Security.loadPolicyFile(). - Flash Player or AIR tries to download a policy file from the default
location that corresponds to the sound's URL, which is
/crossdomain.xmlon the same server asURLRequest.url. (The sound's URL is specified in theurlproperty of the URLRequest object passed toSound.load()or the Sound() constructor function.)
In all cases, Flash Player or AIR requires that an appropriate policy
file exist on the sound's server, that it provide access to the sound
file at URLRequest.url by virtue of the policy file's location, and
that it allow the domain of the calling file to access the sound,
through one or more <allow-access-from> tags.
If you set checkPolicyFile to true, Flash Player or AIR waits
until the policy file is verified before loading the sound. You should
wait to perform any low-level operations on the sound data, such as
calling Sound.id3 or SoundMixer.computeSpectrum(), until
progress and complete events are dispatched from the Sound object.
If you set checkPolicyFile to true but no appropriate policy file
is found, you will not receive an error until you perform an operation
that requires a policy file, and then Flash Player or AIR throws a
SecurityError exception. After you receive a complete event, you
can test whether a relevant policy file was found by getting the value
of Sound.id3 within a try block and seeing if a SecurityError is
thrown.
Be careful with checkPolicyFile if you are downloading sound from a
URL that uses server-side HTTP redirects. Flash Player or AIR tries to
retrieve policy files that correspond to the url property of the
URLRequest object passed to Sound.load(). If the final sound file
comes from a different URL because of HTTP redirects, then the
initially downloaded policy files might not be applicable to the
sound's final URL, which is the URL that matters in security
decisions.
If you find yourself in this situation, here is one possible solution.
After you receive a progress or complete event, you can examine
the value of the Sound.url property, which contains the sound's
final URL. Then call the Security.loadPolicyFile() method with a
policy file URL that you calculate based on the sound's final URL.
Finally, poll the value of Sound.id3 until no exception is thrown.
This does not apply to content in the AIR application sandbox. Content in the application sandbox always has programatic access to sound content, regardless of its origin.
For more information related to security, see the Flash Player Developer Center Topic: <a href="http://www.adobe.com/go/devnet_security_en" scope="external">Security.