500 Part III: Advanced Topics
"http://ajaxref.com/ch10/ajaxtcrflash.swf" />';
swfNode += "</object>";
}
document.getElementById("flashHolder").innerHTML = swfNode;
}function getSWF(movieName)
{
if (navigator.appName.indexOf("Microsoft")!= -1)
return window[movieName];
else
return document[movieName];
}
function printMessage(str)
{
document.getElementById("responseOutput").innerHTML = str;
}
window.onload = function()
{
createSWF();
document.getElementById("helloButton").onclick = function(){
var flashBridge = getSWF("helloexternal");
flashBridge.connect("http://unsecure.ajaxref.com/ch1/
sayhello.php", "printMessage"); }
}
</script>
</head>
<body>
<form action="#">
<input type="button" value="Say Hello" id="helloButton" />
</form>
<br /><br />
<div id="flashHolder"></div>
<div id="responseOutput"> </div>
</body>
</html>You may want to note a couple of items in Figure 10-4. First, you can clearly see the
fetch for the crossdomain.xml file before the request is invoked. Second, the continuous
status message presented to the user when Flash remoting is used, which might be a bit
disconcerting to users.The Future: Native XHR Cross Domain Access
In the very near future, maybe even as you read this, it is quite likely that browsers will
more commonly break the same origin policy (SOP) and boldly go where no XHR has
gone before. Early versions of Firefox 3 include the first attempt at native XHR cross-
domain access and have implemented the emerging W3C standard for cross-site access
control (www.w3.org/TR/access-control/). Following this specification to enable cross-
site access, the resource in question has to issue an access control header in its response.