I posted this to the Unity forums as well, but they aren't as active as here in my experience. (If I get the answer there, I'll post it here)

I'm somewhat new to Unity for an engine. My game is using WWW to get some info from my site.

I'm running into "SecurityException: No valid crossdomain policy available to allow access"

I manually went to "crossdomain.xml" and resaved as UTF-8 (ASCII subset)

crossdomain.xml is loadable from the root of my site. (localhost) http://127.0.0.1/crossdomain.xml. I can open that in a browser and it pops up.

The contents of the file is:
<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

The file it is grabbing from the site is an xml file, in a sub folder called Users. I wasn't sure if the crossdomain.xml file needed to be in the same folder as the content, so I have a copy of it there as well. Despite that, I keep receiving the error.

I've looked at a dozen pages/sites at least on this issue, and tried all sorts of things with now luck.

I'm running Windows 8, with IIS. The page is on the IIS. I can access all the paths from a browser without issue.

Any clue what I'm doing wrong? - Thanks

Are you trying to run the unity game from the Unity IDE, or from a browser?

Try checking the IIS logs to see if you can see a request for the crossdomain.xml at the time you think Unity should be making the request.

I'm trying to run it from the ide for now, but I'm targeting the browser ultimately

I'll check the logs.

You probably need to allow http request headers:

[source]<allow-http-request-headers-from domain="*" headers="*"/>[/source]

Try checking the IIS logs to see if you can see a request for the crossdomain.xml at the time you think Unity should be making the request.

I do see requests coming through. I even cleared the log, and only used the game and tried again. and saw some records for it.

So it appears it is able to get the file. Log returns a 200 OK

2013-02-19 21:04:58 127.0.0.1 GET /crossdomain.xml - 80 - 127.0.0.1 UnityPlayer/4.0.1f2+(http://unity3d.com) - 200 0 0 1

You probably need to allow http request headers:

[source]<allow-http-request-headers-from domain="*" headers="*"/>[/source]

Thanks. I tried this. But unfortunately, I'm still getting the error.

SecurityException: No valid crossdomain policy available to allow access

I'm guessing this means there is something wrong with the crossdomain file. either in structure or save format, but I'm not sure. the exception doesn't give much more info.

P.S. At this point, I've still had no responses on the Unity forum. This forum rocks.

I'm guessing this means there is something wrong with the crossdomain file. either in structure or save format, but I'm not sure. the exception doesn't give much more info.

All right, well, if that's the problem, I see three potential issues:

• You are missing a doctype declaration.
• You aren't setting a cross domain policy.
• Your web server may not be setting the right content type

How about this?

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
	<site-control permitted-cross-domain-policies="master-only"/>
	<allow-access-from domain="*"/>
	<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

And make sure your webserver is sending Content-Type: text/x-cross-domain-policy

There are some security options you could double check under Edit -> Project Settings -> Editor, maybe it has something to do with those options when running from the editor. I had this same problem but it was a long time ago and I honestly cant remember what I did back there.

Are you sure the exception is for your WWW class usage? For WWW, the policy file needs to be served up over HTTP, but for socket use, the policy file needs to be served over plain TCP. If you were using both WWW and sockets, you would get an error like this where the WWW security check passed but the socket check did not.

Another idea: you can't use 127.0.0.1 and localhost interchangeably. Make sure your policy file is reachable using the exact same host name that is being used by the WWW class. Both should use localhost or neither should.

Also, UTF-8 is not an ASCII subset! It's the other way around. Your file looks like plain ASCII to me but make sure there is no Byte Order Mark at the start of the file or anything like that. Switch your text editor to an ASCII encoding if possible.

I'm guessing this means there is something wrong with the crossdomain file. either in structure or save format, but I'm not sure. the exception doesn't give much more info.

All right, well, if that's the problem, I see three potential issues:

• You are missing a doctype declaration.
• You aren't setting a cross domain policy.
• Your web server may not be setting the right content type

How about this?

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
	<site-control permitted-cross-domain-policies="master-only"/>
	<allow-access-from domain="*"/>
	<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

And make sure your webserver is sending Content-Type: text/x-cross-domain-policy

You rock! This xml solved it.

this probably would have been solved earlier had I noted your first response with the header xml. I noticed and added the attribute, but did not notice the fact it was a different node/tag. That was probably my original problem.

Thanks.