Yet Another crosdomain.xml question or: “How to interpret documentation correctly”

Question

I have read a lot about the new policy-policy of flash player and also know the master policy file. Now image the following situation: There are two servers with services (http) running at custom ports

• servera.com:2222/websiteA
• serverb.com:3333/websiteB

Now I open a swf from server a (eg. servera.com:2222/websiteA/A.swf) that wants to access the service of serverb. Of course I need a crossdomain.xml at the right place and there are multiple variations possible. I dont want to use a master policy file, as I might not have control over the root of both servers.

One solution I found works with the following crossdomain:

<?xml version="1.0"?>
<cross-domain-policy>
    <allow-access-from domain="*"/>
</cross-domain-policy>

served at serverb.com:3333/websiteB/crossdomain.xml

So now for my question: Is it possible to get rid of the "*" and use a proper (not as general as *) domainname in the allow-access-from rule? All my attempts failed, and from what I understand it should be possible.

Answer 1

Try:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
    <allow-access-from domain="*.servera.com" to-ports="3333"/>
</cross-domain-policy>

(you may have to specify the port for the from domain as well - I haven't had to deal w/ cross domain w/ ports in a while.

Answer 2

Be very careful with crossdomain policy files. If you are using cookie auth or if serverb.com is on an internal network then you should not use a crossdomain policy. Alternatively you can use a proxy on servera.com that proxies the requests to serverb.com. That would avoid the crossdomain request.

You should also setup logging using an mm.cfg file containing:

ErrorReportingEnable=1
TraceOutputFileEnable=1
PolicyFileLog=1
PolicyFileLogAppend=1

That will log the errors to a text file. Check out more details on setting up the mm.cfg file.