One of the sites for which I consult recently licensed a Flash component from a third party. Of course, the vendor wanted to restrict the component licensing to avoid having the component re-used by others. So far, so good. But this site, being large and old, has many domains and subdomains. It would be bad enough if it were just sampledomain.com and www.sampledomain.com, but then there's staging.sampledomain.co One of the sites for which I consult recently licensed a Flash component from a third party. Of course, the vendor wanted to restrict the component licensing to avoid having the component re-used by others.So far, so good. But this site, being large and old, has many domains and subdomains. It would be bad enough if it were just sampledomain.com and www.sampledomain.com, but then there’s staging.sampledomain.com for testing and www1.sampledomain.com for bypassing the load-balancing switch and weblog.sampledomain.com for blogs, plus a bunch of variants to protect against cybersquatters.Would the vendor license the Flash component to *.sampledomain.com? No, that isn’t the way they do things. Why don’t we create a new subdomain special.sampledomain.com and use it to host the Flash component in the fixed directory they’d license? That was fine with everyone, except that it didn’t work: JavaScript running on www.sampledomain.com couldn’t load a Flash control from special.domain.com. The vendor came up with a fix: add a crossdomain.xml file to the special.sampledomain.com root authorizing *.sampledomain.com.That didn’t work either. The next piece of the fix was to place the configuration XML file in the same directory as the Web page loading the Flash component instead of the same directory as the Flash component itself. Finally, the Flash component loaded, only it wouldn’t return any information to the JavaScript of the calling page.What was its problem? Our theory was that Flash thought it was being used for a cross-domain scripting attack. Thanks a bunch, Adobe. The vendor provided a new license key that allowed www.sampledomain.com as well as special.sampledomain.com, which potentially fixed the problem for 90% of our users. The other 10%, however, would have gotten a message that said that that the component was unlicensed, and that they should report the problem to the webmaster.That was too ugly to accept. As a temporary fix, I wrote some server-side code to check the SERVER_NAME variable and redirect the page to www.sampledomain.com if it didn’t match. That worked, and although I considered it a hack we promoted the new pages to the production site.Meanwhile, the vendor researched the problem and determined that there was no technical fix. Finally, they did what we had initially asked for: they created a new Flash component licensed to *.sampledomain.com. It came in Friday after I’d gone home. I’ll install it Monday, and change the server-side code to only redirect URLs that aren’t in *.sampledomain.com. Happy ending? I sure hope so. Software Development