If my web server is configured to allow cross-origin requests in his crossdomain.xml, and also to deny them via CORS (Access-Control-Allow-Origin: site111.org), which configuration will be respected in the case where a website (site222.com) send a cross-origin HTTP request to my web server ?
As far as I understand crossdomain.xml is a policy file which concern only Flash requests, but not sure if CORS is appliyed in all cross-origin requests or just the ones that come from Javascript
Asked
Active
Viewed 1,234 times
3
Reda LM
- 191
- 1
- 2
- 10
1 Answers
8
CORS only affects JavaScript. crossdomain.xml only affects Flash. There is no overlap.
Quentin
- 914,110
- 126
- 1,211
- 1,335
-
3Tiny correction: In addition to JavaScript requests, CORS also affects cross-domain requests using @font-face in CSS. Often no biggie, but it gets forgotten too frequently. – roryhewitt Jan 05 '18 at 21:06