zoukankan      html  css  js  c++  java
  • Flash / Flex Tutorial How to Create a crossdomain.xml file

    Flash / Flex Tutorial - How to Create a crossdomain.xml file.

    This brief tutorial will teach you how to create a crossdomain.xml file so that you can access files and information from outside domains and load files and data within your Flash / Flex apps. It is as simple as 4 easy steps.

    1. Create an xml file named crossdomain.xml. (XML can be created with Dreamweaver or just simply MS Notepad. Just make sure that you give it the '.xml ' extension on the end.)
    2. Copy and paste one of the code examples below into the XML file:
    3. Save the file.
    4. FTP / upload the file to the root directory of your website. (you should be able to see the file in a browser by typing the url www.yourwebsite.com/crossdomain.xml).

    XML Code 1:
    This is a typical crossdomain.xml file. Notice that I included my domain as well as my domain without the 'www' in front.

    <?xml version="1.0"?><!DOCTYPE cross-domain-policySYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="www.curtismorley.com" />
    <allow-access-from domain="curtismorley.com" />
    </cross-domain-policy>

    XML Code 2:
    The follwing Code will allow all domains. This effectively eliminates any security that Flash would have otherwise had. I suggest that you don't use this example unless you enjoy security holes.

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    <allow-access-from domain="*" />
    </cross-domain-policy>

    XML Code 3:
    The block of code below will explicitly disallow any and all access from any outside domain. As well, any domain that is not spelled exactly how the host domain is spelled will be blocked. This is the tighest cross domain security that you can employee.

    <?xml version="1.0"?>
    <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
    <cross-domain-policy>
    </cross-domain-policy>

    XML Code 4:
    The code below illustrates different uses of the '*' wildcard symbol. This is the crossdomain.xml file from Amazon.com The wildcard allows for any variation before '.amazon.com'. Amazon does this because of the public services and APIs that it allows others to connect to.

    <cross-domain-policy>
    <allow-access-from domain="*.amazon.com"/>
    <allow-access-from domain="amazon.com"/>
    <allow-access-from domain="www.amazon.com"/>
    <allow-access-from domain="pre-prod.amazon.com"/>
    <allow-access-from domain="devo.amazon.com"/>
    <allow-access-from domain="images.amazon.com"/>
    <allow-access-from domain="anon.amazon.speedera.net"/>
    <allow-access-from domain="*.amazon.ca"/>
    <allow-access-from domain="*.amazon.de"/>
    <allow-access-from domain="*.amazon.fr"/>
    <allow-access-from domain="*.amazon.jp"/>
    <allow-access-from domain="*.amazon.co.jp"/>
    <allow-access-from domain="*.amazon.uk"/>
    <allow-access-from domain="*.amazon.co.uk"/>
    </cross-domain-policy>

    Creating a cross domain policy file is just that easy.

    And Happy Flashing.

    P.S. I highly suggest that you read one or all of the following articles on cross domain policy files and the Flash Player security sandbox,

    Crossdomain Article by Colin Moock

    Adobe Crossdomain Technote (this one is required reading)

    Flash Player 9 Security Whitepaper

    Adobe LiveDocs on Flash Player Security

  • 相关阅读:
    高德地图API1.4.15较1.4.12的marker属性取值发生变化
    Cesium加载地图提示RangeError:Invalid of array List
    layui分页功能使用——点页码再查询
    设置layui的自定义样式
    页面引入layui.js后提示layui未定义
    SQL语句出现sql关键字
    vs2017 vs2019配置sqlite3连接引擎(驱动)指南(二)vs2019续集
    vs2017 vs2019配置sqlite3连接引擎(驱动)指南(一)vs2019篇
    Qt C++ QDataStream和QBuffer
    Qt C++不规则窗口
  • 原文地址:https://www.cnblogs.com/buffer/p/1736319.html
Copyright © 2011-2022 走看看