What is a crossdomain.xml file and why do we need it?


What is a Crossdomain.xml file?

A crossdomain.xml file is an example of a policy file: it sets the rules for apps that use the “same origin” security model and access data from a different location. Let us begin.

Today, when I was checking my emails, I saw an HTTP 404 error email where a user had tried to request the crossdomain.xml file. So I thought I could make a post on this file, as many bloggers who are not programmers do not know about this particular request.


Crossdomain.xml File Workflow:
A crossdomain.xml file is located at the root of your domain. It is a policy file that works with the “same origin” security model implemented in most browsers. In HTML you can load any image directly from any domain using its link, but for others, like JavaScript and Flash, this policy prevents them from getting or setting the properties of the file.

Many applications, however, need access to data from somewhere other than the application's own origin, and the “same origin” security model mentioned above restricts them from accessing it. It would be ridiculous if you could never access data that lives at a different origin. So crossdomain.xml is a policy file that grants permissions based on the rules in the file; it should be saved in the root folder of your domain. Files saved in this manner are called Master Policy Files.

Flex, Adobe PDF Reader, Microsoft Silverlight and Flash are among the programs that look to this file for access.

Example Crossdomain.xml File

The following is a typical example of a permissive URL master policy file:

[xml]
<?xml version="1.0"?>
<cross-domain-policy>
<!-- Only this master policy file at the domain root is honoured -->
<site-control permitted-cross-domain-policies="master-only"></site-control>
<!-- Wildcard: content from any domain is granted access -->
<allow-access-from domain="*"></allow-access-from>
<!-- Any domain may send the SOAPAction request header -->
<allow-http-request-headers-from domain="*" headers="SOAPAction"></allow-http-request-headers-from>
</cross-domain-policy>
[/xml]

This is another example: a non-permissive, or strict, crossdomain.xml file.

[xml]
<?xml version="1.0"?>
<cross-domain-policy>
<!-- No policy files are permitted, so no cross-domain access is granted -->
<site-control permitted-cross-domain-policies="none"></site-control>
</cross-domain-policy>
[/xml]

But remember that this policy file cannot be used to restrict access to sensitive information on your domain, as this file is used only by some applications, such as those mentioned above, and does not come into the picture for others like PHP. Hope you understood.

To understand more about this file try reading an article by Trevor McCauley, Quality Engineer from Adobe.

http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html

Thanks for reading.

About the author

By pavankumar.p1990