The <a href="http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html" rel="nofollow">spec for cross domain policy files</a> says that you can put a the
crossdomain.xml file outside the root through the use of a
X-Permitted-Cross-Domain-Policies header. How exactly does one go about doing that? I want to put a
crossdomain.xml file in a sub directory (I don't have access to the root). This is from page 11 of <a href="http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html" rel="nofollow">the spec</a>:
When clients require a policy file, they look at the root by default. A domain should always host a master policy file to enforce its intended meta-policy. If a client is instructed to load a policy file other than the master policy file, the client must still check the master policy file to ensure that the meta-policy defined by the master policy file permits the use of the originally requested policy file.
Without a master policy file, it is left to the client to
enforce the default behavior. Instead of relying entirely on master
policy files for meta-policies, clients may also decide to check for a
X-Permitted-Cross-Domain-Policies header in documents to specify a
meta-policy. In addition to the values acceptable in
permitted-cross-domain-policies, this header may also use a value of
none-this-response to indicate that the current document should not be
used as a policy file despite other headers or its content. Non-master policy files can only grant access to data within their own
directory or subdirectories.
I'm guessing you want to use the crossdomain.xml for a Flash client? fact is, by default a flash client always tries to find that file in the root. as the specs state, everything else must be set in the client. I'm not a flash coder - you should tag this question with "flash" or whatever else the client is coded in.