问题
The spec for cross domain policy files says that you can put a the crossdomain.xml file outside the root through the use of a X-Permitted-Cross-Domain-Policies header. How exactly does one go about doing that? I want to put a crossdomain.xml file in a sub directory (I don't have access to the root). This is from page 11 of the spec:
When clients require a policy file, they look at the root by default. A domain should always host a master policy file to enforce its intended meta-policy. If a client is instructed to load a policy file other than the master policy file, the client must still check the master policy file to ensure that the meta-policy defined by the master policy file permits the use of the originally requested policy file.
Without a master policy file, it is left to the client to enforce the default behavior. Instead of relying entirely on master policy files for meta-policies, clients may also decide to check for a
X-Permitted-Cross-Domain-Policiesheader in documents to specify a meta-policy. In addition to the values acceptable in permitted-cross-domain-policies, this header may also use a value of none-this-response to indicate that the current document should not be used as a policy file despite other headers or its content. Non-master policy files can only grant access to data within their own directory or subdirectories.
回答1:
I'm guessing you want to use the crossdomain.xml for a Flash client? fact is, by default a flash client always tries to find that file in the root. as the specs state, everything else must be set in the client. I'm not a flash coder - you should tag this question with "flash" or whatever else the client is coded in.
来源:https://stackoverflow.com/questions/8766688/how-to-add-crossdomain-xml-in-sub-directory