Can this be solved without having the crossdomain.xml under the domain of the server? My application <pretty.swf> is recognizing the data <data.xml> to be remote. Although they are from the same domain, <pretty2.swf> does not work without loading the policy file.

From the security updates stated in Flash version 7 <source>, it states that:

...we added a new permission mechanism which allows broader cross-domain cooperation. You can perform data loading (loadVariables, XML, XMLSocket, runtime shared libraries, Flash Remoting) from outside a movie's own domain as long as the server providing the data provides a policy file—a small XML file that grants cross-domain loading permissions...

Since Flash 8 just has security modification for local sandbox(since my application telling me that the type of the sandbox of my application is remote), I was mainly looking at the newly released(Apr 2008, Flash 9) security updates, and found my problem does not quite suit in one of these catergories.

    "

• You use sockets or XMLSockets, regardless of the domain to which you are connecting

• You use addRequestHeader or URLRequest.requestHeaders in any network API call when sending or loading data cross-domain

  or

  You provide access to content on remote domains as a web service provider

• You have SWFs that are exported for Flash Player 7 (SWF7) or earlier that communicate with the hosting HTML by any means
• You use "javascript:" through network APIs to communicate outside a SWF      "
  

Since my application and data are from the same domain, why pretty2.swf does not work without the crossdomain.xml?