crossdomain.xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
{% comment %}
  Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html 
{% endcomment %}
{% comment %}
  Most restrictive policy: 
{% endcomment %}
	<site-control permitted-cross-domain-policies="none"/>
{% comment %}
  Least restrictive policy: 
{% endcomment %}
{% comment %}
	<site-control permitted-cross-domain-policies="all"/>
	<allow-access-from domain="*" to-ports="*" secure="false"/>
	<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
{% endcomment %}
{% comment %}
  If you host a crossdomain.xml file with allow-access-from domain=“*” 	 	
  and don’t understand all of the points described here, you probably 	 	
  have a nasty security vulnerability. ~ simon willison
{% endcomment %}
</cross-domain-policy>