1

In my flex application, the war is packaged with crossdomain.xml policy file.

    <?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

The entries mentioned here means the SWF file from any/all domain can access the server data.

My question here is

  1. the crossdomain.xml necessarily need to be there for accessing the server ?

  2. What happens if we don't have a crossdomain.xml policy file while the SWF file is accessing the server for data ?

  3. Is there any default restrictions the server may have to access its data if we don't place a crossdomain.xml ?

Kindly, Please help me with your answers.

Santhosh Madhavaraj
  • 67
  • 11

1 Answers1

2

Is the crossdomain.xml necessarily need to be there for accessing the server ?

No. It is required for a browser based SWF that is located on a different domain from the server. But, a SWF served from the same domain does not need a crossdomain.xml place. A Flash Platform App deployed outside of the browser, as an AIR app or mobile application will not need a crossdomain file to access the server.

What happens if we don't have a crossdomain.xml policy file while the SWF file is accessing the server for data ?

If the SWF is served off the same domain as the server; then nothing will happen. If the SWF is on a different domain, then your remote class will dispatch a fault event; which will contain a security error of sorts.

Is there any default restrictions the server may have to access its data if we don't place a crossdomain.xml ?

Yes, but nothing I haven't already said. A SWF served off the same domain as the server can access files/services on that domain. A SWF served off a different domain cannot.

As an example a SWF located at http://mydomain.com/mySWF.swf will be able to access http://mydomain.com/service/MyServiceEndPoint or http://mydomain.com/someImage.gif without any issues. It will not be able to access http://myOtherDomain.com/service/MyServiceEndPoint or http://myOtherDomain.com/someImage.gif.

JeffryHouser
  • 39,401
  • 4
  • 38
  • 59
  • hi Reboog711, Thanks a lot for your answers. This gives me a clear view about crossdomain policy file. – Santhosh Madhavaraj Jun 10 '13 at 10:01
  • Great; if you think this completely answers your question be sure to mark it as the 'correct' answer.There should be a 'check' button under the voting numbers thatyou can press. – JeffryHouser Jun 10 '13 at 13:24