Security sandbox violation on Nginx

Question

Dear all, How can Nginx serve crossdomain.xml file to a flash/flex program. Basically I need to make nginx to respond to:

perl -e 'printf "<policy-file-request/>%c",0' | nc 127.0.0.1 80

with

<cross-domain-policy>  
  <allow-access-from domain="*" secure="false" to-ports="*"/>    
  <site-control permitted-cross-domain-policies="master-only" />  
</cross-domain-policy>

As we can see, the request is not a valid http request (amazing what adobe engineers have done!). I tried to use $request_method inside the nginx configuration file but no success yet, I appreciate any comments in this regard,

Thanks, -A

Answer 1

A simple work around; the policy file request does and should get a bad request response (400). Setting the error page for 400 errors to a crossdomain.xml file will return that file, ie:

error_page 400 /crossdomain.xml;

All bad requests will get a crossdomain file, but that may work for you.

Answer 2

heres another great conf for nginx to handle flash policy file requests

http://blog.vokle.com/index.php/2009/06/10/dealing-with-adobe-and-serving-socket-policy-servers-via-nginx-and-10-lines-of-code/

Answer 3

the 404 trick is messy : django-flashpolicies looks a whole lot better!

http://pypi.python.org/pypi/django-flashpolicies/