Merge r17285 from the oauth branch - allow flash access to set headers, even when hosted at non-openstreetmap domains

2009-09-29 14:18:33 +00:00 · 2009-09-29 14:18:33 +00:00 · 5d07b6d76c
commit 5d07b6d76c
parent d9c17e930d 26a9f98dc1
2 changed files with 2 additions and 8 deletions
--- a/public/api/crossdomain.xml
+++ b/public/api/crossdomain.xml
@ -3,8 +3,5 @@

 <cross-domain-policy>
 	<allow-access-from domain="*"/>
-	<allow-http-request-headers-from domain="*" headers="Authorization"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+	<allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>
--- a/public/oauth/crossdomain.xml
+++ b/public/oauth/crossdomain.xml
@ -3,8 +3,5 @@

 <cross-domain-policy>
 	<allow-access-from domain="*"/>
-	<allow-http-request-headers-from domain="*" headers="Authorization"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+	<allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>