Why is Unity trying to get a crossdomain policy, even when trying to access a server on the same domain?

( I’ve previously posted this in the forums, before I new about unityAnswers. Sorry for reposting, but since it didn’t attract any views there, I thought maybe I’d try my luck here:) )

The situation is this:

A Unity project is built targeting the WebPlayer platform. The resulting .html and .unity3d files are put in Apache’s htdocs, and served by the localhost. The project, when launched by loading the page http://localhost/WebPlayer.html, tries to connect to a server application, which is also running on localhost.

Since both the Unity client and the server reside on the same domain, I expected there would be no need for a crossdomain.xml, but I still get the “Unable to connect, as no valid crossdomain policy was found”. (Of course, if I launch the Unity’s pre-packaged policy server, there is no problem).

Running from within the Unity Editor, with “WWW Security Emulation Settings” set to has the same result.

The question is, should this be happening? (I think it shouldn’t.) Why is Unity trying to get a crossdomain policy in this case? Am I missing something?
Any info would be appreciated.

Whats your code looking at?
Or asked differently: Are you sure that the access you do is done with relative filepaths, not with absolute ones that use localhost or Application.xxxxurl and alike?

Crossdomain requirement is only waived for relative filepaths, for anything that uses absolute it enforces them to be present.

Trying to use sockets will always require crossdomain from what I recall (more correctly there is better a policy server running otherwise the performance suffers), no way to get around and no matter where you connect to. The reason here is security, otherwise you could missuse a java or flash plug running side by side to it to overcome security limitations that way allowing 3rd party to inject a virus or trojan that way by replacing yours and redirecting it to their place

The problem is a two fold one:

  1. There is WWW - For WWW, there is the case where you don’t need a crossdomain.xml, thats when you access things by relative filepaths. But if you use explicit domains / IPs for it, the target webhost has to have the Crossdomain.xml at its top level in accessable form.

  2. There are Sockets - Sockets in Unity follow the regular web security Policy for sockets (same as Flash and Silverlight - as the rules on WWW too by the way). For sockets you have the option to use the PrefetchSecurity function (should work, never used it as I have the policy server) or if you really use the socket for gaming and alike, you want to use the Policy Server or create your own inbuilt in your game server (SFS and Photon have it inbuilt). Interesting and important here is to know that unity uses the same port etc as Silverlight.

What the documentation part on sockets you quoted there wanted to tell you is that if your connection goes to a specific host (anything but relative filepaths, so always for sockets), the policy security has to be complied to basically