> Quick question-- I swear I've Googled the crap out of this and for the > life of me I can't get a definitive answer. > > We have two domains. > www.oursite.com > www.ourcdn.com > > We have a SWF player hosted at www.oursite.com which loads mp3s (among > other things) from www.ourcdn.com. > www.ourcdn.com does NOT have a crossdomain.xml policy file. > > Most of our users have no issues with the flash player loading the > "off-site" content. Several people however report an error that I > assume is Flash refusing to load the off-site content due to the lack of > a cross domain policy. > > The obvious answer here is I need to create a crossdomain.xml file on > www.ourcdn.com that specifies www.oursite.com as a valid location that > can load its content via flash. > > However, in the name of curiosity, I would like to figure out which of > my users are affected and why. > > Can anyone tell me what the default behavior of flash 7, 8, 9, 10, etc > is if there is no cross domain policy _on_ the server hosting the > content? Does it deny by default or allow? Based on what I am seeing, > I assume some versions allow by default, while others deny but for the > life of me I can't find conclusive documentation for all versions of > Flash that compares their behavior. All I can find of the Internet is > eleventy-billion how-to's on creating a policy new. (thanks but I > already know how)
My understanding is that the default behavior is the same for Flash 7 and higher. It should deny access from your swf to content fetched from another domain unless that domain has the appropriate cross domain policy file allowing content to be fetched from the domain containing your swf. So, I suspect that there's something else going on. Maybe some (most?) requests are actually being served from servers within your CDN initially, rather than from your original domain. For example, if I go to www.microsoft.com, I'm actually going to someserver.www.ms.akadns.net. Perhaps that's the default behavior for many of your users? I'm kind of grasping at straws here. Dave Watts, CTO, Fig Leaf Software http://www.figleaf.com/ http://training.figleaf.com/ Fig Leaf Software is a Veteran-Owned Small Business (VOSB) on GSA Schedule, and provides the highest caliber vendor-authorized instruction at our training centers, online, or on ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-talk/message.cfm/messageid:331622 Subscription: http://www.houseoffusion.com/groups/cf-talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/groups/cf-talk/unsubscribe.cfm