Schabby's Blog
Reserve Orbital Defence Commander

Recently, I noticed an increasing number of requests to a file crossdomain.xml on all our subdomains. A vaguely remembered that this is about Flash trying to access resources on our site, but I didnt really know exactly what it is for until I did some research. In a nutshell:

crossdomain.xml is a bascially a whitelist of domains that you grant access to your site.

In more detail, browser plugins like Flash or hosted apps are always loaded from some URL, let's say somedomain.com. Under normal circumstances, these programs are not allowed to access resources on hosts different from the host they where originally loaded, such as otherdomain.com for example. So if the client is loaded from somedomain.com and wants to load an image from otherdomain.com, it first checks otherdomain.com/crossdomain.xml if it actually allows somedomain.com to access the image.

A simple way to grant access to all resources on your site is to have a crossdomain.xml file that has the following content.

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

I hope that helps. Feel free to leave a comment!


Post Comment

Please notice: Comments are moderated by an Admin.