开发者

What policy is enforced by an "empty" crossdomain.xml?

开发者 https://www.devze.com 2022-12-14 11:54 出处:网络
What policy would be enforced by the following crossdomain.xml that contains no allow statements. <cross-domain-policy>

What policy would be enforced by the following crossdomain.xml that contains no allow statements.

<cross-domain-policy>
  <开发者_运维知识库;site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>

Does this implicitly deny or accept everything?


I haven't checked but since by default the requests are blocked, I'd say that that will also deny any request coming from a different subdomain (this depends on the Flash Player version though). I think FP7 blocked on the top level domain, and everything after that (FP8, FP9, FP10) block everything on the subdomain level.

Details on this can be found from Adobe http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security.html

0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号