<?xml version="1.0" encoding="utf-8"?> 

<access-policy>

  <cross-domain-access>

    <policy>

      <allow-from http-request-headers="*">

                <domain uri="http://*" />

                <domain uri="https://*" />

      </allow-from>

      <grant-to>

        <resource path="/" include-subpaths="true"/>

      </grant-to>

    </policy>

  </cross-domain-access>

</access-policy>


