FortiDirector
FortiDirector uses conditions to determine if a redirector Rule is a match for a given request.
tdietrich
Staff
Article Id 194081
Description

The Flash Player crossdomain problem

The Adobe Flash Player contains a crossdomain security mechanism which impacts publishers using Flash players (such as JW Player) on Flash capable browsers and devices by denying the loading of the following files from another domain:

Crossdomain security restrictions can be lifted by hosting a crossdomain.xml file on the server that contains the files.

Unfortunately, the Flash Player has a security restriction which prevents the request for said crossdomain.xml file from following a 302 redirect.  From the Adobe website:

Note: When serving a policy file, you must not use a cross-domain redirect, or the player will ignore the policy file.

Thus any request for /crossdomain.xml that the FortiDirector HTTP Service answered with a redirect would result in a security error in the Flash Player.

The FortiDirector Solution

To work within this security restriction, FortiDirector can serve a crossdomain.xml file directly (200) rather than redirect the request (302).

By default, all requests for a root crossdomain file:

http://[ruleset hostname]/crossdomain.xml

which are made to the FortiDirector HTTP service will be responded to with the following wildcarded crossdomain.xml file:

<cross-domain-policy><allow-access-from domain="*" secure="false"/><allow-http-request-headers-from domain="*" headers="*" secure="false"/></cross-domain-policy>

This allows the Flash Player to make requests through the FortiDirector HTTP service without security restrictions, so that loading of the specified resource by the Flash Player succeeds.

FortiDirector further extends this feature by allowing users to upload a custom crossdomain.xml file, which can either:

  • Override the default crossdomain.xml file
  • Serve a different crossdomain.xml file from a subdirectory URI

crossdomain.xml files, among other small (less than 1KB) files, can be uploaded and managed by editing any existing Rule Set.
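
The following is an added example, not part of the original article and not FortiDirector code: a Python check to run on a custom crossdomain.xml before uploading it, which reports wildcard grants, secure="false" and files that are not under 1KB. The helper name audit_policy, the reading of "less than 1KB" as fewer than 1024 bytes, and the restricted sample policy (player.example.com) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

MAX_BYTES = 1024  # assumption: the article's "less than 1KB" read as < 1024 bytes

# Default wildcard policy quoted in the article above.
DEFAULT_POLICY = (
    '<cross-domain-policy><allow-access-from domain="*" secure="false"/>'
    '<allow-http-request-headers-from domain="*" headers="*" secure="false"/>'
    '</cross-domain-policy>'
)

# Constructed sample: a custom policy scoped to a single publisher domain.
RESTRICTED_POLICY = (
    '<cross-domain-policy>'
    '<allow-access-from domain="player.example.com" secure="true"/>'
    '</cross-domain-policy>'
)

GRANT_ELEMENTS = ("allow-access-from", "allow-http-request-headers-from")


def audit_policy(xml_text):
    """Return a list of findings for a crossdomain.xml document (hypothetical helper)."""
    findings = []
    if len(xml_text.encode("utf-8")) >= MAX_BYTES:
        findings.append("file is not under 1KB")
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return findings + [f"not well-formed XML: {exc}"]
    if root.tag != "cross-domain-policy":
        return findings + [f"unexpected root element <{root.tag}>"]
    for el in root:
        if el.tag not in GRANT_ELEMENTS:
            continue
        if el.get("domain") == "*":
            findings.append(f"<{el.tag}> grants access to every domain")
        if el.get("headers") == "*":
            findings.append(f"<{el.tag}> allows every request header")
        # The secure attribute defaults to true when it is absent.
        if el.get("secure", "true").lower() == "false":
            findings.append(f'<{el.tag}> has secure="false", so HTTP-served '
                            "content may reach HTTPS resources")
    return findings


if __name__ == "__main__":
    for name, policy in (("default", DEFAULT_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, audit_policy(policy) or "no findings")
```
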

