Fixing cross-domain errors

Browser plugins, like Adobe Flash, often require permissions to play content hosted on domains other than from which they are hosted. The crossdomain policy file grants this permission and needs to be present in many cases to allow the content to be played. This guide shows you how to create a synthetic crossdomain.xml response to resolve cross-domain errors.


Error #2048 is a common indicator of a crossdomain.xml issue.

  1. Log in to the Fastly web interface.
  2. From the Home page, select the appropriate service. You can use the search box to search by ID, name, or domain.
  3. Click the Edit configuration button and then select the option to clone the active version. The Domains page appears.
  4. Click the Content link. The Content page appears.
  5. Click the Set up advanced response button. The Create a synthetic response page appears.

    the Create a synthetic response page with a crossdomain.xml file example

  6. Fill out the Create a synthetic response fields as follows:

    • In the Name field, enter a human-readable name for the response. For example crossdomain.xml.
    • From the Status menu, select an HTTP code to return to the client. For example, 200 OK.
    • In the MIME Type field, enter text/x-cross-domain-policy for the MIME type of the response.
    • In the Response field, add the correctly-formatted crossdomain.xml content you want the request to respond with. See cross-domain permissiveness and restrictiveness for additional details.
  7. Click the Create button. Your new response appears in the list of responses.

  8. Click the Attach a condition link to the right of the name of your new response. The Create a new condition window appears.

  9. Fill out the Create a new condition fields as follows:

    • From the Type menu, select Request.
    • In the Name field, enter a human-readable name for the response condition. For example crossdomain.xml.
    • In the Apply if field, enter req.url == "/crossdomain.xml".
  10. Click the Save and apply to button to create the new request condition.

  11. Click the Activate button to deploy your configuration changes.

Cross-domain permissiveness and restrictiveness

A crossdomain.xml policy file grants these browser plugins permissions to allow content to be played from domains other than that which they are hosted. This file usually has the name crossdomain.xml and gets placed by default in the root directory of the domain on which it is hosted. You use this file to define how permissive or restrictive access will be when attempting to play the content being requested.

The following example policy allows the and domains to pull data, and the domain to push data via the X-foo header:

1<?xml version="1.0"?>
2 <!DOCTYPE cross-domain-policy SYSTEM "">
3 <cross-domain-policy>
4 <site-control permitted-cross-domain-policies="master-only"/>
5 <allow-access-from domain="" secure="true"/>
6 <allow-access-from domain="" secure="true"/>
7 <allow-http-request-headers-from domain="" headers="X-foo" secure="true"/>
8 </cross-domain-policy>

This example uses secure="true" to force access via HTTPS. You can use secure="false" to allow access via HTTP.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support.