 | Feedback |  |
By default, the Adobe Flash Player security model prohibits Adobe Flash Players from making network connections to servers outside the domain that serves the SWF file.
To override the default, you must upload a public-readable crossdomain.xml file to the bucket that will accept POST uploads. Following is a sample crossdomain.xml file.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" secure="false" /> </cross-domain-policy>
![[Note]](images/note.png) | Note |
|---|---|
For more information about the Adobe Flash security model, go to the Adobe web site. Adding the crossdomain.xml file to your bucket allows any Adobe Flash Player to connect to the crossdomain.xml file within your bucket. However, it does not grant access to the actual Amazon S3 bucket. |
The FileReference API in Adobe Flash adds the Filename form
field to the POST request. When building Adobe Flash applications that upload to Amazon S3 using the
FileReference API, include the following condition in your policy:
['starts-with', '$Filename', '']
Some versions of the Adobe Flash Player do not properly handle HTTP responses that have an
empty body. To configure POST to return a response that does not have an empty body, set
success_action_status to 201. When set, Amazon S3 returns an XML
document with a 201 status code. For information on the content of the XML document, see
POST Response Body. For information on form
fields, see HTML Form Fields.
