About using crossdomain.xml
To access data from a different server other than the one hosting your Flex application, the remote server needs to have a cross-domain file in the root directory. For security reasons, the web browser cannot access data that resides outside the exact domain where the Shockwave Flash (SWF) file originated. However, Adobe Flash Player can load data across domains if permission is granted from the server. This is accomplished by including a small crossdomain.xml file on the remote server that permits Flash to connect to services on that server. See the following code example:
Sample crossdomain.xml file
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <site-control permitted-cross-domain-policies="all"/> <allow-access-from domain="*"/> </cross-domain-policy>
Working with SSL
It is possible to host your Flex web application using Secure Sockets Layer (SSL). Although it is not required, it is good practice to enable the web server for https rather than http. If this is not an option, you can modify the crossdomain.xml file similar to what is provided below so that http can access https without errors.
Set secure="false" to allow http to https transfer
<?xml version="1.0" ?> <cross-domain-policy> <allow-access-from domain="*" secure="false"/> <site-control permitted-cross-domain-policies="all"/> <allow-http-request-headers-from domain="*" headers="*"/> <allow-https-request-headers-from domain="*" headers="*"/> </cross-domain-policy>
To deploy the cross-domain file on ArcGIS Server, see the instructions specific for your platform and version.
- .NET—Add crossdomain.xml to your web server's root directory, for example, C:\inetpub\wwwroot.
- Java—Add crossdomain.xml to
for 10.0 or
9.3 installations of ArcGIS Server. On Windows, the default
locations for these directories are as follows:
- 9.3—C:\Program Files\ArcGIS\java\web_output
- 10.0—C:\Program Files\ArcGIS\Server\java\manager\web_output
- For 10.1, the location is C:\Program Files\ArcGIS\Server\framework\runtime\tomcat\contexts\rootapp. Note that 10.1 comes with crossdomain.xml already installed, so unless you want to make changes, it should work successfully.
For additional information, read: