<?xml version="1.0" encoding="UTF-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://*"/>
<domain uri="https://*"/></allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/></grant-to></policy></cross-domain-access></access-policy>