![[D]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sz5ubmpKHOGRiSUhlwZv-hmc_fOGeGUrNHcFzJQJYVd5f-zbGg4pjySTsSWZlZbKlYCE3IE9gm_R_8uqr9qzitZzMm5dwQ31HWmQ=s0-d)
Flash Player 10 meta-policy requirement for all sites and also ASPX and dot net .net sites which don't allow php proxy files
Adobe Flash Player 10 crossdomain.xml fle must be exist to work your flash for aspx dot net and all other sites
First of all you must put the crossdomain.xml file in the root directory of your site
for example www.mydomain.com/crossdomain.xml
you can see example in Adobe real file here http://www.adobe.com/crossdomain.xml
and also in youtube http://youtube.com/crossdomain.xml
second
if you want to give permission to only your site to load data from any where
you have to make your crossdomoain.xml file like below and upload it in the root directory: as we mentioned earlier www.mydomain.com/crossdomain.xml
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*.mydomain.com" />
</cross-domain-policy>
but if you want to give permission to any site to load data from any where
you have to make your crossdomoain.xml file like below and upload it in the root directory: as we mentioned earlier www.mydomain.com/crossdomain.xml
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" />
</cross-domain-policy>
that's all if you want to know more about this you can read below
Issue
Tomaintain the best possible security for end-users and servers, if a master policy file is not in the master location, does not contain meta-policies, or is set to master-only, other policy files defined in alternate locations on the domain will be ignored by Flash Player 10 and higher.
Reason
Flash Player 10 changes the default behavior of the meta-policy. A meta-policy provides server administrators theflexibility to designate what policy files arepermitted on a server. With Flash Player 10, the meta-policy default changed from "all" to "master-only." This change will allow any policy file saved in the root of the domain to continue to function as expected. However, all other policy files defined in alternate locations on the domain will require an explicit meta-policy.
Solution
Define a meta-policy for your domain. If you are only using a master policy file, Adobe still recommends that you define a meta-policy.
You can also manage policy files on a directory basis by setting up a master policy file that only sets a meta-policy. This can allow other policy files to be used without the master policy file declaring any specific permissions itself.
For example, if you control all the content on your server, and you areconfident that unauthorized userscould notcreate a policy file on your server, you can use the meta-policy all,permitting any file on the server to be used as a policy file:
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
If you want to prevent unauthorizedusers from creating a policy file on your server, you can use the meta-policy by-content-type,permitting any file on the server with the content-type text/x-cross-domain-policy to be used as a policy file:
<cross-domain-policy>
<site-control permitted-cross-domain-policies="by-content-type"/>
</cross-domain-policy>
You can also declarea meta-policy using HTTP response headers. For more information see the meta-policies section in "Policy file changes in Flash Player."
4 years ago
