Cross-domain policy for specific folder/URL
We're providing a service for app developers to be able to easily stream new content to their game, by providing an editor extension that bundles assets and uploads them to our service.
This is done by posting it to website.com/api via a binary element of WWWForm. Unity blocks this inside the editor, saying "no cross-domain policy" (http://docs.unity3d.com/Documentation/Manual/SecuritySandbox.html).
We're able to get around that by adding the crossdomain policy file as suggested:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
But that's a security risk since our login page is also on the same domain.
Adobe's standard actually lets you set policies by folders, as such:
<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>
domain.com/api/crossdomain.xml
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>
But Unity doesn't seem to even notice this. Here's the Editor.Log, after setting ENABLE_CROSSDOMAIN_LOGGING to 1:
Received policy
Parsing: cross-domain-policy
cross-domain-policy
Parsing: site-control
site-control
permitted-cross-domain-policies: all
done parsing policy
crossdomain.xml was succesfully parsed
About to parse url: http://localhost:8080/api/
Rejected because there was no AllowedAcces entry in the crossdomain file allowing this request.
Rejected because no crossdomain.xml policy file was found
Is there any way to set a policy for a specific folder/URL? It seems like our only option is to create a subdomain.
Answer by Graham-Dunnett · Jun 14, 2013 at 09:38 PM
Yes, your only option is to create a sub-domain.
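
An added example, not part of the original question or answer: a small Python audit of crossdomain.xml files that models the outcome shown in the Editor.Log above, where only `allow-access-from` entries in the policy at the host root count, and that flags a wildcard grant on a host that also serves the login page. The sample policies are constructed from the ones quoted in the question; the function names, the host name `game.example` and the simplified domain matching are assumptions of this example, not Unity's implementation.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies, copied from the shapes quoted in the question.
ROOT_SITE_CONTROL_ONLY = """<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
</cross-domain-policy>"""

WILDCARD = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>"""


def parse_policy(xml_text):
    """Return (site_control, [allowed domain patterns]) for one policy file."""
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy")
    sc = root.find("site-control")
    site_control = sc.get("permitted-cross-domain-policies") if sc is not None else None
    allowed = [e.get("domain", "") for e in root.findall("allow-access-from")]
    return site_control, allowed


def domain_matches(pattern, origin_host):
    """Simplified matching (assumption): '*', '*.suffix', or an exact host."""
    pattern, origin_host = pattern.lower(), origin_host.lower()
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        return origin_host.endswith(pattern[1:])
    return pattern == origin_host


def audit_host(host_policy_xml, origin_host, serves_login):
    """Evaluate only the host-root policy, matching the log in the question.

    Returns (request_permitted, findings).
    """
    _, allowed = parse_policy(host_policy_xml)
    permitted = any(domain_matches(p, origin_host) for p in allowed)
    findings = []
    if "*" in allowed and serves_login:
        findings.append("wildcard grant on a host that also serves the login page")
    return permitted, findings
```

With the sub-domain layout from the answer, the login host's root policy carries no `allow-access-from` entry and the API sub-domain carries the wildcard, so `audit_host` reports the request as permitted on the API host without raising the login-page finding.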