Login/Register
What is crossdomain.xml file?
Asked Answered
Solved asp.netflashcross-domainswfobjectcrossdomain.xml
E

2

18

Actually I wish I knew where to start from...

I have embedded an third party SWF image gallery control, in an personal website of mine.

The SWF is XML driven. I load the XML file on the fly as follows....

  var flashvars = { xmlPath: "http://www.example.com/xml.aspx" };
                var params = { allowFullScreen: "true", wmode: "transparent", allowScriptAccess: "always"};
                var attributes = {};
                swfobject.embedSWF("main.swf", "gallery", "100%", "100%", "9.0.0", "expressInstall.swf", flashvars, params, attributes);

The problem is that the page did not work as expected. Actually it worked only in Firefox, not in Chrome or I.E.

After checking the requests with fiddler, i found that the file crossdomain.xml was not found. So, stackoverflow helped me finding a sample...

<?xml version="1.0" ?>
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="*"/>
  <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

After adding the crossdomain.xml the webpage now works in Firefox AND I.E. In Chrome i still have a problem.

So here are a couple of questions...

1) What is the crossdomain.xml?

2) How can i make my webpage work in Chrome too?

Edieedification answered 13/11, 2010 at 19:37 Comment(0)
M
25

"A cross-domain policy file is an XML document that grants a web client—such as Adobe Flash Player, Adobe Reader, etc.—permission to handle data across multiple domains.". Taken from Adobe website http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html.

EDIT: Answer to question 2: Flex crossdomain.xml not working correctly in Chrome/Firefox?. Install Adobe Flash Player for developers, Fiddler (or similar), these tools should make your life easier. Also read http://kb2.adobe.com/cps/839/cpsid_83950.html.

Moose answered 13/11, 2010 at 19:46 Comment(9)
Thank you! Could you point me why the SWF does not work with Chrome too?Edieedification
i think it is because SO is faster and easier than Google :)Dismount
Actually i learned about the missing crossdomain.xml file with the aid of fiddlerEdieedification
@JNF no worries, without sites like SO, google cannot answer any question at all, so keep posting, asking, trying, sharing. Cheers!Place
@JNF Pssst. That was intended ;-)Moose
"I always wonder why..." So you're one of those people who trusts everything you read on the internet? I always wonder why people keep complaining about that. SO wouldn't exists if everyone just used Google. How about 1) Google search isn't a system of trust, 2) We can't "correct" google search results, 3) You could spend all day looking for an answer and a) never use the correct search terms, or b) use the correct search terms and find bad information.Faviolafavonian
@Faviolafavonian C'mon, I am not that stupid. Why so serious? I am not saying anything about what source you should trust! Also, do you think SO is always correct? Not by a long shot. I've seen countless of incorrect answers, a lot of those were even marked as accepted...Moose
Not the downvoter, however it is better to answer the question with a quotation and then link to the source. If you answer just with links your answer becomes invalid as soon as the links change. It also means people coming here for a quick one sentence answer will need to load another web page.Setscrew
Even I am getting this issue, Insecure crossdomain.xml file nvmbd1bkh150v02.in.ril.com/crossdomain.xml but as per this case, I dont even have a SWF file. So what could be the reason in my case. ?Eusebiaeusebio
E
8

And for all the newbies out there just like me, the SWF works in Chrome too!

The difference was that http://www.example.com and http://example.com are TWO DIFFERENT "entity s".

I was loading the file to var flashvars = { xmlPath: "http://www.example.com/xml.aspx" }; and made my tests with Chrome, on a "different domain" http://example.com

Edieedification answered 13/11, 2010 at 23:8 Comment(1)
That's a bit weird though. As defined here, the description of origin is: Protocol + Port + Hostname. Not sure but may be the hostname is different in both cases.Rollick

© 2022 - 2024 — McMap. All rights reserved.