Deploying SAP Dashboard (formerly Xcelsius) - Crossdomain policy file

Cross domain policy file is an important configuration to consider while deploying SAP Dashboard(formerly Xcelsius). The SAP BW Quality dashboard, that I recently worked on, is deployed on the BusinessObjects Infoview and  pulls data from SAP ECC and SAP BW for reconciling Orders and Revenue numbers. The flash object that Xcelsius creates run in the browser on the client machine. It follows the security guidelines set by Adobe while accessing external data.

Adobe has introduced a new security policy for the flash palyer 9 & 10. That prevents the Xcelsius dashboard from accessing data from external sources and throws error #2170. In my case, external sources are ECC and BW. To get around this, the cross domain XML file needs to be updated with the following tag:

<allow-http-request-headers-from domain="*" headers="*" secure="false" />

The crossdomain.xml is located at <BusinessObjects installation directory>\Tomcat55\webapps\ROOT\ and should look like this-

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*" secure="false" />
   <allow-access-from domain="*" secure="false" />
</cross-domain-policy>

Update the file, restart Tomcat (web server) and you're done!