]> git.openstreetmap.org Git - rails.git/blob - public/api/crossdomain.xml
Update cross domain policy to only allow API access.
[rails.git] / public / api / crossdomain.xml
1 <?xml version="1.0"?>
2 <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
3
4 <cross-domain-policy>
5         <allow-access-from domain="*"/>
6         <allow-http-request-headers-from domain="*" headers="Authorization"/>
7         <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
8         <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
9         <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
10 </cross-domain-policy>