I've seen a few posts about this, but is there a decent implementation somewhere that actually works? I haven't gotten a single thing to return a crossdomain.xml except the standalone Python example, which isn't really the best solution. I suppose I'll try an Apache VirtualHost that no matter what you send it just responds with a crossdomain.xml file.
Anyone know why did Adobe decide to take this stupid, stupid tact of setting up a separate server from your web server? What was wrong with a simple crossdomain.xml file in the root of your web site? Then to make matters worse, make this thing a strict requirement but don't release a policy server to go with it? Do you guy even want customers?
I find it particularly ironic the only solution that will likely work is to basically serve up the crossdomain.xml file we were serving (with Flash 9) from our web site on a different port (843). Great solution. Way to go. No more secure than before, but you've added the overhead of a separate server or custom virtualhost and another port open on the firewall. Brilliant.
This one problem has so soured my view of Flex that this is pretty much the last RIA our company is building with it. All new projects have already switched to either GWT or SproutCore.