LOG IN SIGN UP
Documentation

Fixing cross-domain errors

  Last updated August 10, 2017

Browser plugins, like Adobe Flash, often require permissions to play content hosted on domains other than from which they are hosted. The crossdomain policy file grants this permission and needs to be present in many cases to allow the content to be played. This guide shows you how to create a synthetic crossdomain.xml response to resolve cross-domain errors.

  1. Log in to the Fastly web interface and click the Configure link.
  2. From the service menu, select the appropriate service.
  3. Click the Configuration button and then select Clone active. The Domains page appears.
  4. Click the Content link. The Content page appears.
  5. Click the Create response button. The Create a synthetic response page appears.

    the Create a synthetic response page with a crossdomain.xml file example

  6. Fill out the Create a synthetic response fields as follows:
    • In the Name field, type a human-readable name for the response. For example crossdomain.xml.
    • From the Status menu, select an HTTP code to return to the client. For example, 200 OK.
    • In the MIME Type field, type text/x-cross-domain-policy for the MIME type of the response.
    • In the Response field, add the correctly-formatted crossdomain.xml content you want the request to respond with. See cross-domain permissiveness and restrictiveness for additional details.
  7. Click the Create button. Your new response appears in the list of responses.
  8. Click the Attach a condition link to the right of the name of your new response. The Create a new condition window appears.
  9. Fill out the Create a new condition fields as follows:
    • From the Type menu, select Request.
    • In the Name field, type a human-readable name for the response condition. For example crossdomain.xml.
    • In the Apply if field, type req.url == "/crossdomain.xml".
  10. Click Save and apply to to create the new request condition.
  11. Click the Activate button to deploy your configuration changes.

Cross-domain permissiveness and restrictiveness

A crossdomain.xml policy file grants these browser plugins permissions to allow content to be played from domains other than that which they are hosted. This file usually has the name crossdomain.xml and gets placed by default in the root directory of the domain on which it is hosted. You use this file to define how permissive or restrictive access will be when attempting to play the content being requested.

The following example policy allows the foo.example.com and bar.example.com domains to pull data, and the www.example.com domain to push data via the X-foo header:

<?xml version="1.0"?>
  <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
  <cross-domain-policy>
      <site-control permitted-cross-domain-policies="master-only"/>
      <allow-access-from domain="foo.example.com" secure="true"/>
      <allow-access-from domain="bar.example.com" secure="true"/>
      <allow-http-request-headers-from domain="www.example.com" headers="X-foo" secure="true"/>
  </cross-domain-policy>

Various permissive and restrictive examples of crossdomain.xml files appear in Adobe's information on Cross-domain XML for streaming.


Back to Top