Currently, Shumway supports root-level policy files named "crossdomain.xml", which is equivalent to metapolicy "master-only". However, sites also can be more flexible with use of policy files, with regards to location (subdirectories) and deployment (HTTP headers). The current implementation is the safest, but does not support all possible features and attributes of crossdomain.xml. Policy file spec: http://www.senocular.com/pub/adobe/crossdomain/policyfiles.html
metapolicy is used for shared hosting, so it doesn't need to block M4.
Product: Firefox → Firefox Graveyard
3 years ago
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.