Don’t forget your cross-domain policy files

Posted on Thursday 28 April 2005

You're probably already aware that you can't load xml from another domain when your movie is viewed in Flash player 6 and above. For Flash player 7, www.yourdomain.com and yourdomain.com count as different domains. Therefore if you've hardcoded your domain in your actionscript and someone accesses your site from yourdomain.com instead of www.yourdomain.com, your visitor will get this lovely warning:

The warning is a bit scary. If you want to play it safe then, don't forget to add a cross-domain policy file called crossdomain.xml to the root of your web server, like so:


<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="www.5etdemi.com" />
   <allow-access-from domain="5etdemi.com" />
   <allow-access-from domain="72.10.35.245" />
</cross-domain-policy>
 

You should always allow www.yourdomain.com, domain.com and your IP address to stay on the safe side. I've just added the file myself and I don't receive the warning anymore on my own site. More info on the security sandbox here.


WordPress database error: [Can't open file: 'wp_comments.MYD'. (errno: 145)]
SELECT * FROM wp_comments WHERE comment_post_ID = '86' AND comment_approved = '1' ORDER BY comment_date

No comments have been added to this post yet.

Leave a comment




Your e-mail address is never displayed. If you run into issues with SpamKarma blocking you, email me at $patrick->5etdemi(com)


RSS feed for comments on this post | TrackBack URI