小小菜鸟's Web Garden

Learning web development. The palest ink beats the best memory. A little progress every day!

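Flash 9/10 security policy: Content-Type

Flash 9/10 added a new security policy.

The HTTP response headers returned for the requested crossdomain.xml must include Content-Type, and its value must be text/* (any text format).

If that is not the case, crossdomain.xml is ignored even though it exists.

It took me a whole day to track this down, I'm floored...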

Details: http://www.adobe.com/devnet/flashplayer/articles/fplayer9_security_02.html#_Content-Type_Whitelist

Quote:

Content-type whitelist

Starting in version 9,0,115,0, Flash Player will ignore any HTTP policy file that is not sent with a Content-Type value that gives some assurance that the file is intended to be a text file. Flash Player requires that a policy file's Content-Type must be one of the following:

  • text/* (any text type)

  • application/xml or application/xhtml+xml

Content-Type values are determined from the response headers provided by HTTP servers. Servers may choose a Content-Type based on a file's name, extension, location, contents, or the instructions of a server script generating the file. If you need to change the Content-Type associated with a policy file, you may need to reconfigure a registry mapping filename extensions to Content-Type values, or edit a general server configuration file. Consult the documentation for your HTTP server.
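The whitelist quoted above, written as a check you can run against the response headers your server sends for crossdomain.xml. This is an added example, not part of the original post or the Adobe article. It assumes the media type is compared case-insensitively and that parameters such as `; charset=utf-8` are ignored; the function names and sample headers are made up for illustration.

```python
# Added example: models the Content-Type whitelist quoted above.
# Assumptions: case-insensitive comparison, parameters (";charset=...") ignored.
ALLOWED_EXACT = {"application/xml", "application/xhtml+xml"}


def media_type(value):
    """Return lowercased 'type/subtype' without parameters, or None if unusable."""
    if not value:
        return None
    essence = value.split(";", 1)[0].strip().lower()
    main, sep, sub = essence.partition("/")
    if not sep or not main or not sub or "/" in sub:
        return None
    return essence


def policy_content_type_ok(headers):
    """headers: dict of HTTP response headers returned for /crossdomain.xml.

    Returns (accepted, reason). A missing header counts as not accepted."""
    value = next((v for k, v in headers.items() if k.lower() == "content-type"), None)
    mt = media_type(value)
    if mt is None:
        return False, "missing or malformed Content-Type"
    if mt.startswith("text/") or mt in ALLOWED_EXACT:
        return True, mt + " is on the whitelist"
    return False, mt + " is not on the whitelist"


# Constructed sample header sets, not captured traffic.
SAMPLES = {
    "typical xml mapping": {"Content-Type": "text/xml; charset=utf-8"},
    "application/xml": {"content-type": "Application/XML"},
    "unknown-extension default": {"Content-Type": "application/octet-stream"},
    "no header at all": {"Server": "example"},
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        ok, reason = policy_content_type_ok(hdrs)
        print(f"{'ACCEPT' if ok else 'IGNORE'}  {name}: {reason}")
```
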

posted on 2009-02-26 15:36 by 『小小菜鸟』