I get a lot of errors too but they generally seem to be on YouTube's side
Here's an example:
*** Security Sandbox Violation ***
SecurityDomain 'http://www.youtube.com/apiplayer?version=3' tried to access
incompatible context 'http://s.ytimg.com/yt/swf/apiplayer3-vfl181412.swf'
As you can see, these are both YouTube domains
So I had a look at YouTube's own crossdomain policy files. It turns out that those files need to be updated. Read the following:
http://www.adobe.com/devnet/flashplayer/articles/fplayer10_security_changes_02.html#head1
Here is the policy file from s.ytimg.com
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
which throws the following warning
Warning: Domain s.ytimg.com does not specify a meta-policy. Applying default meta-policy 'master-only'. This configuration is deprecated. See http://www.adobe.com/go/strict_policy_files to fix this problem.
and here's what it should look like
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*"/>
</cross-domain-policy>
Here's another warning:
Warning: Domain video-stats.video.google.com does not explicitly specify a meta-policy, but Content-Type of policy file http://video-stats.video.google.com/crossdomain.xml is 'text/x-cross-domain-policy'. Applying meta-policy 'by-content-type'.
It looks like YouTube should look into this, all these warnings and security error messages are pretty annoying.
Practically speaking, have a look at the errors, if your domain name doesn't appear anywhere, your crossdomain file is working fine.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
