<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*" /> <domain uri="http://*" /> </allow-from> <grant-to> <resource path="/packages" include-subpaths="true"/> <resource path="/downloads" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>