Topic: Tiltplayer and crossdomain.xml files

Hi there --

I thought this was working a while back, but maybe something changed on the server that holds my images?

Here is my test page:
http://www.rudebadmood.com/fanphan/tiltviewer/

XML:
http://www.rudebadmood.com/fanphan/tilt … knotts.xml

It contains images like this one:
http://cdn-2-service.phanfare.com/image … e7c728ea_1

You'll note that the root crossdomain.xml file for phanfare.com is very restrictive:
http://phanfare.com/crossdomain.xml

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cros … policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.phanfare.com" secure="false" />
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

However it does allow for site-control permitted-cross-domain-policies, which if I understand it correctly, means you can have subdomain and directory-specific policies that grant *more* permissions than the master policy.

So the crossdomain.xml file on the same host/directory as the image file is wide open:
http://cdn-2-service.phanfare.com/image … domain.xml

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cros … policy.dtd">
<cross-domain-policy><allow-access-from domain="*" secure="false" />
</cross-domain-policy>

So uhm.... any ideas on what's wrong?

Thanks!

Re: Tiltplayer and crossdomain.xml files

So Phanfare *used* to have an open root-level crossdomain.xml file, but they recently locked it down.

The fix (unfortunately) is that Flash apps now need to try a:

Security.loadPolicyFile() for a crossdomain in the image directory before attempting to load an image.

I don't know if this is feasible, but I guess you could call it a feature request for Tiltviewer.

Thanks!

Re: Tiltplayer and crossdomain.xml files

I'll keep this in mind for the next version. thanks!

Felix Turner
SimpleViewer Support Team.