By: Emiley J
As a webmaster, it is a good practice to monitor your webserver error logs to tweak or fine tune your server for better performance. The fact that you are reading this article shows that you are one of those responsible webmasters. :)
There are some errors that are not so obvious when you look at them. Such as this crossdomain.xml error.
Solution: To resolve this just follow these steps.
- First goto the root folder of your website.
- Create a file named crossdomain.xml (In linux run this command â€˜touch crossdomain.xmlâ€™
- Add the following content to this file.
In linux â€˜vi crossdomain.xmlâ€™ and then paste these lines.
- Save the file.
<?xml version="1.0" ?> <cross-domain-policy> <site-control permitted-cross-domain-policies="master-only"/> <allow-access-from domain="*"/> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy>
Thatâ€™s it. You will not see these errors again in your logs.
Reason: If you are wondering what this crossdomain.xml file does and why someone is accessing it, then readon.
A cross-domain policy file is an XML document that grants a web clientâ€”such as Adobe Flash Player, Adobe Reader, etc.â€”permission to handle data across multiple domains. When a client hosts content from a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain would need to host a cross-domain policy file that grants access to the source domain, allowing the client to continue with the transaction. Policy files grant read access to data, permit a client to include custom headers in cross-domain requests, and are also used with sockets to grant permissions for socket-based connections.
But you may be asking, I do not use any flash files in my server, then how does this happen. It is because, someone who has installed a Yontoo-based browser plugin is browsing your site. The browser plugin loads the dddWrapper.swf flash object, which in turn wants to fetch content from your domain. But to do this, it needs to access the cross-domain policy on your site, which is what the crossdomain.xml request is for.
1. The xml listed above will allow ANY domain to execute code, something that I would not want on my si
View Tutorial By: Mark McWhirter at 2012-10-09 05:58:14
Most Viewed Articles (in xml )
Latest Articles (in xml)
Comment on this tutorial