4 Replies Latest reply on Aug 3, 2011 1:37 AM by ChristianPam

    Security topic of FDF and PDF




      i'm developing a website that generates a pdf and fdf and offers both for the user by opening a link like that:


      http://domain/test/formular.pdf#FDF=http://domain/test/fdfcreator.php?id=5mp68ues6ikfu6t2r kohg41182


      But when you open it in browser the yellow security bar appears and you have to add the site as a trusted host.


      I don't want to tell the user to add the site as a trusted host.

      I've already tried to load a crossdomain.xml by using "app.loadPolicyFile('http://domain/test/crossdomain.xml');" in FDF and PDF.

      The crossdomain.xml is unsecure as possible just for testing:

      <?xml version="1.0"?>
      <!DOCTYPE cross-domain-policy SYSTEM
      <site-control permitted-cross-domain-policies="all"/>
      <allow-access-from domain="*" secure="false"/>
      <allow-http-request-headers-from domain="*" headers="*" secure="false"/>


      What else can i do or try?


      i'm frustrated :-(