Yet Another crosdomain.xml question or: “How to interpret documentation correctly”
-
25-09-2019 - |
Question
I have read a lot about the new policy-policy of flash player and also know the master policy file. Now image the following situation: There are two servers with services (http) running at custom ports
- servera.com:2222/websiteA
- serverb.com:3333/websiteB
Now I open a swf from server a (eg. servera.com:2222/websiteA/A.swf) that wants to access the service of serverb. Of course I need a crossdomain.xml at the right place and there are multiple variations possible. I dont want to use a master policy file, as I might not have control over the root of both servers.
One solution I found works with the following crossdomain:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
served at serverb.com:3333/websiteB/crossdomain.xml
So now for my question:
Is it possible to get rid of the "*"
and use a proper (not as general as *
) domainname in the allow-access-from rule?
All my attempts failed, and from what I understand it should be possible.
Solution
Try:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.servera.com" to-ports="3333"/>
</cross-domain-policy>
(you may have to specify the port for the from domain as well - I haven't had to deal w/ cross domain w/ ports in a while.
OTHER TIPS
Be very careful with crossdomain policy files. If you are using cookie auth or if serverb.com is on an internal network then you should not use a crossdomain policy. Alternatively you can use a proxy on servera.com that proxies the requests to serverb.com. That would avoid the crossdomain request.
You should also setup logging using an mm.cfg file containing:
ErrorReportingEnable=1
TraceOutputFileEnable=1
PolicyFileLog=1
PolicyFileLogAppend=1
That will log the errors to a text file. Check out more details on setting up the mm.cfg file.