Flash crossdomain.xml in a non-root directory

I have a web service running in http://server/abc/service which is being accessed by Flash from a different domain. I deployed a cross domain policy file to http://server/abc/crossdomain.xml and made the Flash load it using:

 flash.system.Security.loadPolicyFile("http://server/abc/crossdomain.xml");

in the constructor of the main movie clip. However, when the Flash starts, it requests and loads this file (observed in Firebug), but then it also requests it from the root of the server (i.e. from http://server/crossdomain.xml) which does not exist. Subsequent HTTP requests don't work reporting security cross domain errors. When I put the policy file to the root of the server, it all works.

Why does it request the policy file from the root as well even thought it loads it from the subdirectory? Why the subdirectory policy file is not enough?

I should also note that the two policy files are loaded before any application HTTP requests are issued.

Best Answer

I think it has to verify that the master policy file allows the alternate policy file to set permissions.

Here's an interesting article with this little tidbit:

If a client is instructed to use a policy file in a location other than that of the master policy file, the client must first check the meta-policy of the master policy file to determine if the original policy file is allowed

Best Answer

Related Solutions

Flash Crossdomain.xml Problems

Flash CS4 refuses to let go

Related Topic