When accessing Domino data from an Adobe Flash application that has not been executed (loaded) from the same Domino server (or domain for that matter) a Flash Player runtime security error is triggered.

For instance, the live demos presented here on FlexDomino.net all access the Domino data via a URL http://www.flexdomino.net. If you have however visited this website using any of the other registered domain names, such as flash4domino.net, flashdomino.net or flex2domino.netor you simply where to lazy to add the www. as part of the URL, the Flash Player would throw an exception.

To avoid this problem I placed a file called crossdomain.xml into the Domino data directory in the sub-directory Domino\HTML with following content:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
    <site-control permitted-cross-domain-policies="master-only"/>
    <allow-access-from domain="flexdomino.net"/>
    <allow-access-from domain="*.flexdomino.net"/>
    <allow-access-from domain="flex2domino.net"/>
    <allow-access-from domain="*.flex2domino.net"/>
    <allow-access-from domain="flashdomino.net"/>
    <allow-access-from domain="*.flashdomino.net"/>
    <allow-access-from domain="flash4domino.net"/>
    <allow-access-from domain="*.flash4domino.net"/>
    <allow-access-from domain="flexdomino.com"/>
    <allow-access-from domain="*.flexdomino.com"/>
    <allow-access-from domain="flex2domino.com"/>
    <allow-access-from domain="*.flex2domino.com"/>
    <allow-access-from domain="flashdomino.com"/>
    <allow-access-from domain="*.flashdomino.com"/>
    <allow-access-from domain="flash4domino.com"/>
    <allow-access-from domain="*.flash4domino.com"/>
    <allow-http-request-headers-from domain="*" headers="SOAPAction"/>
</cross-domain-policy>

There is more explanation to this subjecton the Adobe websites:

http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html