crossdomain.xml

This drives me crazy...I am trying to build a youtube player with flash and everytime I load a video, there is a runtime security sandbox error..I already put crossdomain.xml in my root server http://mysite.com but I am still getting the errors...Do I miss something? Do I have to load it into my flex project??Thanks for the reply... My crossdomain.xml <!-- <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*.youtube.com"/> <allow-access-from domain="s.ytimg.com"/> </cross-domain-policy> --> Edit :

So if i put - http://xxx.xx.xx.x/website/website.html and try to use an HTTPService with in the swf to contact - https://yyy.yy.yy.y/resources/script , I get the sandbox error. If I put - https://yyy.yy.yy.y/crossdomain.xml in the browser and access it everything in the crossdomain file looks fine. wWen i go back and try to use the HTTPService from - http://xxx.xx.xx.x/website/website.html everything now works until i close the browser which i assume clears the cache. ********crossdomain.xml********* <?xml version="1.0" ?> <cross-domain-policy> <site-control permitted-cross-domain-policies=

Actually I wish I knew where to start from... I have embedded an third party SWF image gallery control, in an personal website of mine. The SWF is XML driven. I load the XML file on the fly as follows.... var flashvars = { xmlPath: "http://www.example.com/xml.aspx" }; var params = { allowFullScreen: "true", wmode: "transparent", allowScriptAccess: "always"}; var attributes = {}; swfobject.embedSWF("main.swf", "gallery", "100%", "100%", "9.0.0", "expressInstall.swf", flashvars, params, attributes); The problem is that the page did not work as expected. Actually it worked only in Firefox, not in

I've been reading that Adobe has made crossdomain.xml stricter in flash 9-10 and I'm wondering of someone can paste me a copy of one that they know works. Having some trouble finding a recent sample on Adobe's site. This is what I've been using for development: <?xml version="1.0" ?> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-policy> This is a very liberal approach, but is fine for my application. As others have pointed out below, beware the risks of this. If you're using webservices, you'll also need the 'allow-http-request-headers-from' element. Here's our default,