<cross-domain-policy>
<allow-access-from domain="*"/>
- <allow-http-request-headers-from domain="*" headers="Authorization"/>
+ <allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
<allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
<allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
<allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>