Experience Manager respects the cross-domain policy file of a server hosting external resources. This file enables access to the server from a specified IP address or domain, or from any domain. If the policy file does not allow access from the Experience Manager server, a security error similar to the following displays when Experience Manager attempts to load the resource:
Error #2044: Unhandled securityError:. text=Error #2048: Security sandbox violation: http://pagebuilder.mycompany.com/tmgr/tmgr.swf cannot load data from http://www.example.com/images/3column.gif.
The following example
crossdomain.xml
file enables access to files hosted on
www.example.com, from any domain:
<?xml version="1.0"?> <!-- http://www.example.com/crossdomain.xml --> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy>
You can also restrict access to specific domains or IP addresses; for instance, for the server on which Experience Manager is running. Wildcards are allowed in domain names, but not IP addresses.
The following example shows a policy file for www.example.com that
allows access from anywhere in the example.com domain, www.customer.com, and
105.216.0.40. It includes a
by-content-type
meta-policy that allows policy files
with a
Content-Type
of exactly
text/x-cross-domain-policy
:
<?xml version="1.0"?> <!-- http://www.example.com/crossdomain.xml --> <cross-domain-policy> <site-control permitted-cross-domain-policies="by-content-type"/> <allow-access-from domain="*.example.com" /> <allow-access-from domain="www.customer.com" /> <allow-access-from domain="105.216.0.40" /> </cross-domain-policy>
For more information about meta-policies and cross-domain policy files, see the Adobe Flash documentation.