| title | Azure API Management policy reference - cross-domain | Microsoft Docs |
|---|---|
| description | Reference for the cross-domain policy available for use in Azure API Management. Provides policy usage, settings, and examples. |
| services | api-management |
| author | dlepow |
| ms.service | azure-api-management |
| ms.topic | reference |
| ms.date | 07/23/2024 |
| ms.author | danlep |
[!INCLUDE api-management-availability-all-tiers]
Use the cross-domain policy to make the API accessible from Adobe Flash and Microsoft Silverlight browser-based clients.
[!INCLUDE api-management-policy-generic-alert]
<cross-domain>
<!-Policy configuration is in the Adobe cross-domain policy file format,
see https://www.adobe.com/devnet-docs/acrobatetk/tools/AppSec/CrossDomain_PolicyFile_Specification.pdf-->
</cross-domain>Caution
Use the * wildcard with care in policy settings. This configuration may be overly permissive and may make an API more vulnerable to certain API security threats.
Child elements must conform to the Adobe cross-domain policy file specification.
- Policy sections: inbound
- Policy scopes: global
- Gateways: classic, v2, consumption, self-hosted
<cross-domain>
<cross-domain-policy>
<allow-http-request-headers-from domain='*' headers='*' />
</cross-domain-policy>
</cross-domain>[!INCLUDE api-management-policy-ref-next-steps]