Experience Manager respects the cross-domain policy file of a server hosting external resources. This file enables access to the server from a specified IP address or domain, or from any domain. If the policy file does not allow access from the Experience Manager server, a security error similar to the following displays when Experience Manager attempts to load the resource:

Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://pagebuilder.mycompany.com/tmgr/tmgr.swf cannot load data from http://www.example.com/images/3column.gif.

The following example crossdomain.xml file enables access to files hosted on www.example.com, from any domain:

<?xml version="1.0"?>
<!-- http://www.example.com/crossdomain.xml -->
<cross-domain-policy>
  <allow-access-from domain="*" />
</cross-domain-policy>

You can also restrict access to specific domains or IP addresses; for instance, for the server on which Experience Manager is running. Wildcards are allowed in domain names, but not IP addresses.

The following example shows a policy file for www.example.com that allows access from anywhere in the example.com domain, www.customer.com, and 105.216.0.40. It includes a by-content-type meta-policy that allows policy files with a Content-Type of exactly text/x-cross-domain-policy:

<?xml version="1.0"?>
<!-- http://www.example.com/crossdomain.xml -->
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="by-content-type"/>
  <allow-access-from domain="*.example.com" />
  <allow-access-from domain="www.customer.com" />
  <allow-access-from domain="105.216.0.40" />
</cross-domain-policy>

For more information about meta-policies and cross-domain policy files, see the Adobe Flash documentation.


Copyright © Legal Notices