Reputation: 191
If my web server is configured to allow cross-origin requests in his crossdomain.xml
, and also to deny them via CORS
(Access-Control-Allow-Origin: site111.org), which configuration will be respected in the case where a website (site222.com) send a cross-origin HTTP request to my web server ?
As far as I understand crossdomain.xml
is a policy file which concern only Flash requests, but not sure if CORS is appliyed in all cross-origin requests or just the ones that come from Javascript
Upvotes: 3
Views: 1416
Reputation: 943214
CORS only affects JavaScript. crossdomain.xml only affects Flash. There is no overlap.
Upvotes: 8