edit-icon download-icon

Improper configuration issue in crossdomain.xml

Last Updated: Oct 31, 2017

Description

The crossdomain.xml file in the root directory of the website indicates whether a remote Flash can load resources of the current website (images, web contents, and Flash). Improper configuration of the file may cause cross-site request forgery (CSRF) attacks.

Fix

If your website does not require loading external resources, change the domain attribute of the allow-access-from setting in the crossdomain.xml file to a domain name whitelist.

Thank you! We've received your feedback.