Revert r17851 and just give non-local flash clients access to
[rails.git] / public / api / crossdomain.xml
index 669cae37d5c1887b81fdf16a66c6c9c7322dc559..52e8397a3bdab1327607300b88157f32ed110976 100644 (file)
@@ -3,5 +3,8 @@
 
 <cross-domain-policy>
        <allow-access-from domain="*"/>
-       <allow-http-request-headers-from domain="*" headers="*"/>
+       <allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
+       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
+       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
+       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
 </cross-domain-policy>