0

How can I restrict access to only xml.php (or if not that then the path: /api/*)

To any domain?

I've only found how to do domains but not paths or files.

Johnny
  • 1,963
  • 4
  • 21
  • 24

1 Answers1

1

Citing the link below:

Step 6: Granular Control of Subdirectories: A cross domain policy file will control access to the directory it resides in, and all the subdirectories beneath it. This is how placing a "allow all" policy file at your domain root allows access to your entire domain. But there may be situations where you want to only allow access to a certain subdirectory. With the latest versions of the Flash Player this requires two XML files. First you need to place a crossdomain.xml file in the root of your domain that allows Flash to process additional cross domain policy files within the subdirectories.

So as understand it, you could allow access to the /api/ path only, using two policy files, one in the root and one in the api directory.

http://blancer.com/tutorials/30030/quick-tip-a-guide-to-cross-domain-policy-files/

Lars Blåsjö
  • 6,118
  • 2
  • 19
  • 23
  • Thanks this seems exactly what I need however what does the all mean in the link to the policy doc is broken :( – Johnny Nov 20 '10 at 13:37
  • Page 7 of http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html says it – Johnny Nov 20 '10 at 13:41
  • Hm.. I set it up the way it said, but it is only requesting crossdomain.xml and stopping. (in logs) Is there anyway to debug a crossdomain request? – Johnny Nov 20 '10 at 14:09
  • crossdomain policy files only control access to directories. if you want to limit access to only your `xml.php` file, then you will need to place that file in it's own directory add a policy file in that dir, and also update your master cross-domain policy to allow child policys). It's kinda complicated, but the resources @Johnny pointed to should give you the info you need. – gthmb Nov 20 '10 at 19:57