Enabling cross-domain data loading for Flash
For security reasons, some applications (notably Adobe Flash Player) prevent cross-domain loading of data by default. Using a cross-domain policy file, you enable Flash to allow or disallow content from particular domains. See the cross-domain policy file usage recommendations for Flash Player (
http://www.adobe.com/devnet/flashplayer/articles/cross_domain_policy.html
).
Because the Real End User Experience Monitoring Software Edition has Flash widgets embedded in its user interface, you must manage the cross-domain data loading to secure the system, as described in the following sections. To perform these procedures, you must have Security-level access.
Warning
A cross-domain policy file must be used carefully, because it can expose your system to attacks.
Cross-domain policy file structure
Flash uses a cross-domain policy file (crossdomain.xml) is used by Flash to indicate that its data is available to files served from outside its own domain. It indicates availability by listing domains for which access is allowed.
The hierarchy of a cross-domain policy is presented below:
<cross-domain-policy>
<allow-access-from/>
</cross-domain-policy>The following code is the cross-domain policy code that comes with the system. It allows access from all domains by default.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
<cross-domain-policy> referenceThe following table describes the elements used in the cross-domain policy file.
Elements of the cross-domain policy file
Element | Cardinality | Description | Required |
|---|---|---|---|
| None | Root element of the cross-domain policy file and container for the rest of the policy | Yes |
| 0 .. * | Specifies that access to data is permitted from this system | Yes |
| None | A domain name, for example, www.example.com | Yes |
To allow access from specific domains
In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
- On the Action menu, click Edit.
Edit the cross-domain policy file so that it looks as follows:
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="\*.bmc.com"/> <allow-access-from domain="10.160.15.5"/> <allow-access-from domain="10.160.16.*"/> </cross-domain-policy>Note
The asterisk character * is a wildcard that represents any value.
- Click Save.
The system now allows access from specified domains only.
To turn the cross-domain policy file on or off
In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
- On the Cross-domain policy page use the ON / OFF switch.
When the cross-domain policy file is turned OFF, the system does not allow access from any domain.
To reset the cross-domain policy file
In a Real User Analyzer component, point to Administration > Security settings and click Cross-domain policy.
- On the Action menu, click Reset.
- Click OK.
This action resets the contents of the cross-domain policy file to the system defaults (allowing access from all domains).
Comments