crossdomain.xml File

by Geethalakshmi 2011-09-22 18:35:15

crossdomain.xml File


Step 1: A Basic crossdomain.xml File

Here is a very simple crossdomain.xml file. When this file is hosted on the root of your domain it permits external Flash applications access to all the resources on your domain.
view plaincopy to clipboardprint?

$lt;?xml version="1.0"?$gt;
$lt;cross-domain-policy$gt;
$lt;allow-access-from domain="*" /$gt;
$lt;/cross-domain-policy$gt;

The policy file contains a single $lt;cross-domain-policy$gt; tag. Inside this you can have zero or more $lt;allow-access-from$gt; tags. Each $lt;allow-access-from$gt; tag can be used to define a domain or IP address from which a Flash application can access the local resources. The attribute domain="*" specifies that all domains have access. This is thanks to the asterisk wildcard, which is used here to match all domains and IP addresses.

For most situations this "allow all" policy file is sufficient. It grants Flash applications access to all pubic resources, while any security you have in place (like password protected pages) will still prevent Flash applications from accessing sensitive data.

(Note that you cannot put a crossdomain.xml file on your domain that will allow SWFs also on your domain to access remote files on another domain!)

Step 2: Specified Domains

If you do not want to allow global access to your public resources, the domain attribute in the $lt;allow-access-from$gt; tag can be used to grant access to specific domains.

You can specify a domain in its entirety. The example below will give access to Flash applications hosted in the www.example.com domain.
view plaincopy to clipboardprint?

$lt;allow-access-from domain="www.example.com" /$gt;

You can use the asterisk wildcard to match those domains that end with the given suffix. Here we grant access to Flash applications on the domains example.com, www.example.com, whatever.example.com etc.
view plaincopy to clipboardprint?

$lt;allow-access-from domain="*.example.com" /$gt;

Step 3: Specified IP Addresses

You can specify access by IP address just as you can grant access to Flash applications hosted on specified domains. The same tag and attributes are used, except in this case you use an IP address:
view plaincopy to clipboardprint?

$lt;allow-access-from domain="123.456.789.123" /$gt;

Step 4: Working with HTTPS

By default a Flash application hosted on an HTTPS server can only access resources on remote HTTPS servers. But given the overhead that HTTPS can add to a server you may not want to use it. In this case setting the secure attribute to false will allow a Flash application on an HTTPS server to access data from an HTTP server.
view plaincopy to clipboardprint?

$lt;allow-access-from domain="*" secure="false"/$gt;

Step 5: Remote Flash Applications

So what if you don’t want remote Flash applications accessing your data? You can either create a crossdomain.xml file that does not include any $lt;allow-access-from$gt; tags:
view plaincopy to clipboardprint?

$lt;?xml version="1.0"?$gt;
$lt;cross-domain-policy$gt;
$lt;/cross-domain-policy$gt;

Or you can simply not have a crossdomain.xml file at all.

Step 6: Granular Control of Subdirectories

A cross domain policy file will control access to the directory it resides in, and all the subdirectories beneath it. This is how placing a "allow all" policy file at your domain root allows access to your entire domain. But there may be situations where you want to only allow access to a certain subdirectory.

With the latest versions of the Flash Player this requires two XML files. First you need to place a crossdomain.xml file in the root of your domain that allows Flash to process additional cross domain policy files within the subdirectories. This is done with the $lt;site-control$gt; tag. In the example below we set the permitted-cross-domain-policies attribute to all, which means that the cross domain policy files that may exist in the subdirectories will be processed. This behavior is a change in Flash Player 9 Update 3 and up. Previously policy files in subdirectories were processed by default without having to set the permitted-cross-domain-policies attribute.

Note that we have not added any $lt;allow-access-from$gt; tags, which means in the absence of an additional crossdomain.xml files in the subdirectories, remote Flash applications will not have access to the resources on this server.

Tagged in:

956
like
0
dislike
0
mail
flag

You must LOGIN to add comments