About the cross-domain policy file crossdomain.xml

Source: Internet
Author: User

I downloaded the FlexPaper source and modified it into a SWF reader. To pass in the SWF file to be read, the Flex code can call a JS method to get the path of the SWF file; the JS side only has to supply the path and wait for Flex to invoke it. But there is a security problem, shown by the following message:

Error #2044: Unhandled onDocumentLoadedError:. text=Error #2048: Security sandbox violation: http://localhost:8080/UpLoadAndDownLoad/FlexPaper.swf cannot load data from http://127.0.0.1:8080/myfileconvert/convertfile/application1/2.swf.

This is caused by Flash's security restrictions on cross-domain data transfer. When I add the following file to the webapps/ROOT directory of Tomcat, the security error for the referenced SWF file goes away, but this exposes the SWF file to access from all IPs, so it is a security issue in itself:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
	<allow-access-from domain="*"/>
</cross-domain-policy>

The following is a reprinted article on cross-domain issues:

About the cross-domain policy file crossdomain.xml

http://www.xiaonei.com/crossdomain.xml

<!-- http://www.xiaonei.com/ -->
<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
	<allow-access-from domain="*.xiaonei.com"/>
	<allow-access-from domain="xiaonei.com"/>
</cross-domain-policy>


This is a very standard practice: it lets the site's own domain and its subdomains fetch the data.

Taobao's:

http://www.taobao.com/crossdomain.xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
	<allow-access-from domain="*.taobao.com"/>
	<allow-access-from domain="*.taobao.net"/>
	<allow-access-from domain="*.taobaocdn.com"/>
	<allow-access-from domain="*.allyes.com"/>
</cross-domain-policy>

The red line (*.taobaocdn.com) is the domain of Taobao's CDN, the so-called content distribution network.

The green line (*.allyes.com) is Taobao's advertiser, http://www.allyes.com/, a good advertising network; I just don't know whether it is still selling Taobao ads.

Look at the crossdomain.xml of several big websites and you can also tell which advertising networks are serving their ads.

Take Bloomberg, for example: http://www.bloomberg.com/crossdomain.xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
	<allow-access-from domain="localhost"/>
	<allow-access-from domain="10.16.136.107"/>
	<allow-access-from domain="*.bloomberg.com"/>
	<allow-access-from domain="*.pointroll.com"/>
	<allow-access-from domain="*.pointroll.net"/>
</cross-domain-policy>

The red entries (localhost and 10.16.136.107) are too unprofessional: the internal IP is exposed ...

The green entries are Bloomberg's advertiser: PointRoll.

Reuters':

http://www.reuters.com/crossdomain.xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
	<allow-access-from domain="*.reuters.com" secure="false"/>
	<allow-access-from domain="ad.doubleclick.net" secure="false"/>
	<allow-access-from domain="ad.uk.doubleclick.net" secure="false"/>
	<allow-access-from domain="m.2mdn.net" secure="false"/>
	<allow-access-from domain="m2.2mdn.net" secure="false"/>
</cross-domain-policy>

The ads are handled by DoubleClick (green).

I can't tell what 2mdn.net does; it is probably a CDN.

Facebook's gives the feeling of abuse:

http://www.facebook.com/crossdomain.xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
	<site-control permitted-cross-domain-policies="master-only"/>
	<allow-access-from domain="s-static.facebook.com"/>
	<allow-access-from domain="static.facebook.com"/>
	<allow-access-from domain="static.api.ak.facebook.com"/>
	<allow-access-from domain="*.static.ak.facebook.com"/>
	<allow-access-from domain="s-static.thefacebook.com"/>
	<allow-access-from domain="static.thefacebook.com"/>
	<allow-access-from domain="static.api.ak.thefacebook.com"/>
	<allow-access-from domain="*.static.ak.thefacebook.com"/>
	<allow-access-from domain="*.static.ak.fbcdn.com"/>
	<allow-access-from domain="external.ak.fbcdn.com"/>
	<allow-access-from domain="*.static.ak.fbcdn.net"/>
	<allow-access-from domain="external.ak.fbcdn.net"/>
	<!-- the listing is cut off at this point in the source -->
</cross-domain-policy>
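An added example, not part of the original article: a small Python audit that flags the patterns pointed out in the policies above (the "*" wildcard, internal hosts such as localhost or a private IP, trusted third-party domains, and secure="false"). The sample policy and the example.com / example.net names are constructed, and audit_policy and its helpers are hypothetical names.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample mixing the patterns seen in the policies on this page.
SAMPLE_POLICY = """<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
  <allow-access-from domain="*"/>
  <allow-access-from domain="localhost"/>
  <allow-access-from domain="10.16.136.107"/>
  <allow-access-from domain="*.example.com"/>
  <allow-access-from domain="ads.example.net" secure="false"/>
</cross-domain-policy>"""


def _is_internal(host):
    """True for localhost and for private or loopback IP literals."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:  # not an IP literal, so an ordinary host name
        return False


def _is_own(domain, own_suffixes):
    """True if the entry is one of the site's own domains or subdomains."""
    host = domain[2:] if domain.startswith("*.") else domain
    return any(host == s or host.endswith("." + s) for s in own_suffixes)


def audit_policy(xml_text, own_suffixes):
    """Return (domain, finding) pairs for risky allow-access-from entries."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("allow-access-from"):
        domain = rule.get("domain", "").strip().lower()
        if domain == "*":
            findings.append((domain, "wildcard: any site may read responses"))
            continue
        if _is_internal(domain):
            findings.append((domain, "internal host named in a public policy"))
        elif not _is_own(domain, own_suffixes):
            findings.append((domain, "third-party origin is trusted"))
        if rule.get("secure", "true").strip().lower() == "false":
            findings.append((domain, "secure=false: HTTP SWFs may read HTTPS data"))
    return findings


if __name__ == "__main__":
    for domain, finding in audit_policy(SAMPLE_POLICY, ["example.com"]):
        print(f"{domain:18} {finding}")
```

Third-party findings are not necessarily mistakes (ad networks and CDNs appear in every policy above); they are the entries to review against the list of partners the site actually intends to trust.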
