This is just another story of why I don’t like computers… When the Flash Player loads files from Amazon S3, it most likely crosses the domain border. This means that you have to put up with Flash Player security. If you planned a new security concept for Flash Player, wanted to make it as complex and convoluted as you could ever imagine, and then raised that to the power of 10, you would most likely come up with the current Flash Player security concept. That would be OK if it hadn’t changed much over the years. But did you know that, for example, the allowed HTTP headers changed in every release! I bet that there are no more than 10 people in the world who understand everything, including the implications of the changes over the years.
Whatever, loading the crossdomain.xml from Amazon S3 does not fail because of Flash Player. That’s why loading the file works fine in Firefox but fails in Internet Explorer and Safari. The URL was something like “https://images.example.org.s3.amazonaws.com/crossdomain.xml”. It turns out that Internet Explorer does not accept addresses with “.” for wildcard SSL certificates like “*.s3.amazonaws.com”. So this story ends with the fact that you should only use bucket names without “.”, like “https://myimages.s3.amazonaws.com/crossdomain.xml”.
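An added example, not part of the original post: a strict wildcard hostname check in which `*` stands for exactly one left-most label, which is the behaviour described above for Internet Explorer and Safari, applied to the two bucket names from this post. The function names and the default endpoint argument are chosen here for illustration.

```python
def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Strict match: a leading '*' covers exactly one DNS label, never a dot."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Same number of labels is required, so "a.b.s3..." can never
    # satisfy "*.s3..." under this rule.
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return bool(h[0]) and p[1:] == h[1:]
    return p == h


def s3_virtual_host(bucket: str, endpoint: str = "s3.amazonaws.com") -> str:
    """Hostname used when the bucket name is placed in front of the endpoint."""
    return f"{bucket}.{endpoint}"


def bucket_ok_for_https(bucket: str, cert_name: str = "*.s3.amazonaws.com") -> bool:
    """True if the bucket's hostname is covered by the wildcard certificate."""
    return wildcard_matches(cert_name, s3_virtual_host(bucket))


def audit(buckets):
    """Map each bucket name to whether a strict client would accept its host."""
    return {b: bucket_ok_for_https(b) for b in buckets}


if __name__ == "__main__":
    # The two bucket names used in the post.
    for name, ok in audit(["images.example.org", "myimages"]).items():
        verdict = "covered" if ok else "NOT covered"
        print(f"{s3_virtual_host(name)}: {verdict} by *.s3.amazonaws.com")
```

Running the audit over a list of existing bucket names shows which ones will produce certificate errors in strict clients when served over HTTPS with the bucket name in the hostname.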