My Flex application calls a DotNet Web service and throws a security
error despite the presence of the crossdomain.xml. I tried all kinds of
suggestions until this one worked. Apparently just specifying the
allowable domains and headers is not enough. The extra settings in this
file must be the trick.