ActionScript 3 Sending and Receiving Data From Servers Cross-domain requests
Example
Flash will not load data from a domain other than the one your application is running on unless that domain has an XML crossdomain policy either in the root of the domain (e.g. http://somedomain.com/crossdomain.xml) or somewhere that you can target with Security.loadPolicyFile(). The crossdomain.xml file is where you can specify domains that are able to ask your server for data from a Flash application.
Example of the most permissive crossdomain.xml:
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
Note this example should not be used in production environments, use a more restrictive instance.
A more restrictive specific crossdomain.xml will look like this for example:
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only" />
<allow-access-from domain="*.domain.com" to-ports="80,843,8011" />
<allow-access-from domain="123.123.123.123" to-ports="80,843,8011" />
</cross-domain-policy>
Resources:
