<?xml version="1.0" ?> <cross-domain-policy> <allow-access-from domain="*" secure="false"/> <site-control permitted-cross-domain-policies="all"/> <allow-http-request-headers-from domain="*" headers="*"/> </cross-domain-policy>