Given that this works perfectly with Firefox 2.0/WindowsXP..

I have the following architecture loading an xml feed:


TOP DOCUMENT: a Facebook page, with my application in the Canvas featuring an iFrame.

BOTTOM DOCUMENT: a simple XHTML page with the official JS embedder for Flash media.

FLASH: an AS3 movie, that loads data from a PHP script on the same domain.



I have put a crossdomain.xml policy file on my server, allowing access from Facebook. I have set allowScriptAccess to always.
The freaking thing just doesn't work in IE or Safari.

What happens:
the server returns STATUS 200, but nothing is returned to the Flash movie.
It's just like the PHP script didn't output anything at all.

No errors are thrown, no IOError, no other status code. Nothing.

If I open the BOTTOM DOCUMENT directly, in a new page, everything works perfectly in any browser, so I guess this has to do with the document being framed in a document from another domain.

Is there any way to work around it?

All this security crap is just a pain in the neck. It makes me loose thousands of bucks every year in time waisted.