Cross domain policies
Cross domain policies grant permission to communicate with servers other than the one the client is hosted on.
Cross-domain XML file
The cross-domain policy is defined in an XML file
A cross-domain policy file is an XML document that grants a web client – such as Adobe® Flash® Player, Adobe Reader, Silverlight® Player – permission to handle data across multiple domains. When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain must host a cross-domain policy file that grants access to the source domain, allowing the client to continue with the transaction. Policy files grant read access to data, permit a client to include custom headers in cross-domain requests, and are also used with sockets to grant permissions for socket-based connections.
For example, say that the Diffusion™ client is loaded from static.example.com and the connection URL to the Diffusion client is http://streaming.example.com, a crossdomain.xml file must be loaded from static.example.com
A crossdomain.xml is required if one of the following is true:
- You are using Diffusion as a streaming data server and a separate web server which are on different domains
- The Diffusion connection type is HTTP, HTTPS, HTTPC, or HTTPCS
- You are not using a load balancer to HTTP rewrite Diffusion traffic
Installing the crossdomain.xml file for Flash/Silverlight HTTP request
- If you use Diffusion as a web server, copy the crossdomain.xml file from the Diffusion install /etc folder to the root of the html folder
- If you do not use Diffusion as a web server, copy the crossdomain.xml file from the Diffusion install /etc folder to the virtual root of the web server hosting the Diffusion html lib folder
By default, Diffusion does not have crossdomain.xml installed. We shipped an example which allow all domains and all ports to access the Diffusion server. This must be edited to include the correct security details for your installation.