Cross domain policy files, secure servers, and loads from virtual directories
Two unique issues regarding cross domain policies.
First, in regards to connecting via https://, if you are connecting from a non secure environment, the domain in question must have '-secure="false"' appended to it, for example:
<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
- <cross-domain-policy>
<allow-access-from domain="*.yourinsecuredomain.com" secure="false" />
</cross-domain-policy>
Second, virtual directories...typically your cross domain file is loaded into the root of the server. You'll still need to do that. However, you will need a duplicate cross domain file at the virtual directory level as well. Load the domain root file via Security.loadPolicyFile("http"//www.yourdomain.com/crossdomain.xml"). The second policy file at virtual directory root level does not need to get loaded the same way, however it is checked for automatically when loading the actual content.
Jeff dePascale is a web and mobile applications professional based in Fairfield County, CT.
December 8th, 2009 - 13:05
thanks
life saver
May 3rd, 2010 - 02:00
If you are going to connect from a nonsecure environment the domaiun should contain( ‘-secure=”false”‘ )
the examples were very useful thanks.