A new security policy is added to flash9/10.
The http header returned by the requested crossdomain. xml must be replaced by content-type and must be text/(any text format)
If this is not the case, crossdomain. xml will be ignored even if it exists.
It took only one day to find out and collapsed...
Details: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html#_Content-Type_Whitelist
Reference:
Content-type whitelist
Starting in version 9,0, 115,0, Flash Player will ignore any HTTP policy file that is not sent withContent-Type
Value that gives some assurance that the file is intended to be a text file. Flash Player requires that a policy file'sContent-Type
Must be one of the following:
Content-Type
Values are determined from the response headers provided by HTTP servers. Servers may chooseContent-Type
Based on a file's name, extension, location, contents, or the instructions of a server script generating the file. If you need to changeContent-Type
Associated with a policy file, you may need to reconfigure a registry mapping filename extensionsContent-Type
Values, or edit a general server configuration file. Consult the documentation for your HTTP server.