<?xml version="1.0" encoding="utf-8"?>
  <access-policy>
     <cross-domain-access> 
       <policy>
         <allow-from http-request-headers="*"> 
          <domain uri="http://*"/> 
          <domain uri="https://*" />  
         </allow-from>
        <grant-to>
           <resource include-subpaths="true" path="/"/>
        </grant-to> 
       </policy>
     </cross-domain-access>
  </access-policy>