Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What is crossdomain.xml file?

Actually I wish I knew where to start from...

I have embedded an third party SWF image gallery control, in an personal website of mine.

The SWF is XML driven. I load the XML file on the fly as follows....

  var flashvars = { xmlPath: "http://www.example.com/xml.aspx" };
                var params = { allowFullScreen: "true", wmode: "transparent", allowScriptAccess: "always"};
                var attributes = {};
                swfobject.embedSWF("main.swf", "gallery", "100%", "100%", "9.0.0", "expressInstall.swf", flashvars, params, attributes);

The problem is that the page did not work as expected. Actually it worked only in Firefox, not in Chrome or I.E.

After checking the requests with fiddler, i found that the file crossdomain.xml was not found. So, stackoverflow helped me finding a sample...

<?xml version="1.0" ?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

After adding the crossdomain.xml the webpage now works in Firefox AND I.E. In Chrome i still have a problem.

So here are a couple of questions...

1) What is the crossdomain.xml?

2) How can i make my webpage work in Chrome too?

like image 623
OrElse Avatar asked Nov 13 '10 19:11

OrElse


People also ask

Can I delete Crossdomain xml?

The crossdomain. xml file is only used by SWF files that leverage Adobe Flash External Interface API. If this API is not being tracked then the crossdomain. xml file can safely be removed from the On Premises SDC (SmartSource Data Collector) document root.

What is Crossdomain?

Cross Domain Solutions (CDS), also known as high speed Guard solutions, are integrated software-hardware systems that make secure access to and exchange of sensitive data possible across networks between various levels of security classification, including incompatible security domains.

Where is Crossdomain xml located?

The most common location for a policy file on a server is in the root directory of a target domain with the filename crossdomain. xml (e.g. https://example.com/crossdomain.xml)—the default location that clients check when a policy file is required.

What is ClientAccessPolicy xml?

The ClientAccessPolicy. xml file allows other Silverlight client services to make HTTP requests to your web server and see its response. This might be used for accessing one time tokens and CSRF nonces to bypass CSRF restrictions. Remediation. Configure your ClientAccessPolicy.


1 Answers

"A cross-domain policy file is an XML document that grants a web client—such as Adobe Flash Player, Adobe Reader, etc.—permission to handle data across multiple domains.". Taken from Adobe website http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html.

EDIT: Answer to question 2: Flex crossdomain.xml not working correctly in Chrome/Firefox?. Install Adobe Flash Player for developers, Fiddler (or similar), these tools should make your life easier. Also read http://kb2.adobe.com/cps/839/cpsid_83950.html.

like image 93
Tomas Voracek Avatar answered Sep 18 '22 15:09

Tomas Voracek