    <?xml version="1.0" encoding="utf-8" ?>  
    <access-policy>  
      <cross-domain-access>  
        <policy>  
          <allow-from http-request-headers="*">  
            <domain uri="*"/>  
          </allow-from>  
          <grant-to>  
            <resource path="/" include-subpaths="true"/>  
          </grant-to>  
        </policy>  
      </cross-domain-access>  
    </access-policy>  