]> git.openstreetmap.org Git - rails.git/commitdiff
projects / rails.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (from parent 1: ed2b100)
Update cross domain policy to only allow API access.
authorTom Hughes <tom@compton.nu>
Mon, 6 Oct 2008 23:21:57 +0000 (23:21 +0000)
committerTom Hughes <tom@compton.nu>
Mon, 6 Oct 2008 23:21:57 +0000 (23:21 +0000)
config/lighttpd.conf patch | blob | history
public/api/crossdomain.xml [new file with mode: 0644] patch | blob
public/crossdomain.xml patch | blob | history

diff --git a/config/lighttpd.conf b/config/lighttpd.conf
index 74aa6f38f3628f16dfdd7eb64154df738ba8282a..7a9e241452cc9ebf2dd80dc328e383bb7c6b4b23 100644 (file)
--- a/config/lighttpd.conf
+++ b/config/lighttpd.conf
@@ -65,9 +65,17 @@ mimetype.assign = (
   ".js" => "application/x-javascript",
   ".png" => "image/png",
   ".swf" => "application/x-shockwave-flash",
   ".js" => "application/x-javascript",
   ".png" => "image/png",
   ".swf" => "application/x-shockwave-flash",
-  ".txt" => "text/plain"
+  ".txt" => "text/plain",
+  ".xml" => "text/xml"
 )
 
 )
 
+#
+# Force special MIME type for crossdomain.xml files
+#
+$HTTP["url"] =~ "/crossdomain\.xml$" {
+  mimetype.assign = ( ".xml" => "text/x-cross-domain-policy" )
+}
+
 #
 # Enable compression of appropriate static content
 #
 #
 # Enable compression of appropriate static content
 #
diff --git a/public/api/crossdomain.xml b/public/api/crossdomain.xml
new file mode 100644 (file)
index 0000000..cbc8e25
--- /dev/null
+++ b/public/api/crossdomain.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
+
+<cross-domain-policy>
+       <allow-access-from domain="*"/>
+       <allow-http-request-headers-from domain="*" headers="Authorization"/>
+       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
+       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
+       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+</cross-domain-policy>
diff --git a/public/crossdomain.xml b/public/crossdomain.xml
index 22ff5a40d4a46bc123af6f7205918fb60997f648..0a2ff6c5e2038533ce3ecab1999453ee50e1005d 100644 (file)
--- a/public/crossdomain.xml
+++ b/public/crossdomain.xml
@@ -2,9 +2,5 @@
 <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
 
 <cross-domain-policy>
 <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
 
 <cross-domain-policy>
-       <site-control permitted-cross-domain-policies="master-only"/>
-       <allow-access-from domain="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
-</cross-domain-policy>
\ No newline at end of file
+       <site-control permitted-cross-domain-policies="by-content-type"/>
+</cross-domain-policy>
The OpenStreetMap web site