Allow cross-domain calls

APPLIES TO: All API Management tiers

Use the cross-domain policy to make the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.

Note

Set a policy's elements and child elements in the order provided in the policy statement. Learn more about how to set or edit API Management policies.

Policy statement

<cross-domain>
    <!-Policy configuration is in the Adobe cross-domain policy file format,
        see https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf-->
</cross-domain>

Caution

Use the * wildcard with care in policy settings. This configuration may be overly permissive and may make an API more vulnerable to certain API security threats.

Elements

Child elements must conform to the Adobe cross-domain policy file specification.

Usage

Example

<cross-domain>
    <cross-domain-policy>
        <allow-http-request-headers-from domain='*' headers='*' />
    </cross-domain-policy>
</cross-domain>

Next steps

For more information about working with policies, see: