What is Cross-domain policy?
Cross-Domain Policy rules can be used to effectively restrict access to Flash applications not hosted on your own domain (site). They provide a way to selectively grant or restrict access to local resources (data) by remote Flash applications.
By default, a Flash application hosted on a secured (HTTPS) server can only access resources on remote secured servers. The secured server has more resource demands than that of a non-secured server (HTTP). In that case, you may not want to use the HTTPS attribute. If that's the case, in BloxCMS Cross-Domain Policy settings, uncheck the HTTPS attribute and it will allow a Flash application on an secured (HTTPS) server to access data from a non-secured (HTTP) server.
For more information on Cross-Domain Policy, visit Adobe's website.
How to Add a New Policy
To add a new policy, within the Manage cross-domain policy rule panel, select + New. Within the Edit cross-domain policy rule panel, complete the following:
Hostname pattern: Enter the domain name of the remote site to grant cross-domain access into the local site in this field. It will also be the title of the policy rule. A single wildcard character (*) may be used in this pattern.
Allow flash: Check this option to allow a Flash file hosted on the specified site to access data on the local (host) site. When enabled, the Flash file successfully works across domains. Unchecked disallows this access.
Require HTTPS: HTTPS means Hyper Text Transfer Protocol Secured. Checking the checkbox forces a secure connection to the host site. A Flash file hosted under HTTPS normally cannot access content hosted under HTTP. Omitting 'Require HTTPS' breaks that rule.
Disabled: Check this option to disable the policy without having to delete it. Unchecked keeps the policy enabled on the host site.
Cross-Domain Policies may be edited or removed by utilizing either toolbar option.