In order for Flash and other client-side technologies be able to submit cross domain, we need to place a file called crossdomain.xml in the website root. And below is an example of crossdomain.xml
Cross domain policy file – crossdomain.xml
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="domain1.com" /> <allow-access-from domain="*.domain2.com" secure="true" /> <allow-access-from domain="*.domain3.com" /> </cross-domain-policy> |
Note:
- 1. If allow cross domain access for a particular domain and all its sub domains, use *.example.com
- 2. If the communications need to switch between HTTP and HTTPS, we need to use secure=”true” attribute.
- 3. Specify domain=”*”; meaning allow access from all domains; is NOT recommended.