Open up crossdomain policy to allow all headers from everywhere as I can't
authorTom Hughes <tom@compton.nu>
Wed, 30 Sep 2009 23:47:26 +0000 (23:47 +0000)
committerTom Hughes <tom@compton.nu>
Wed, 30 Sep 2009 23:47:26 +0000 (23:47 +0000)
find any information anywhere that gives me any idea why we would want to
restrict what headers can be sent.

public/api/crossdomain.xml
public/oauth/crossdomain.xml

index 52e8397..669cae3 100644 (file)
@@ -3,8 +3,5 @@
 
 <cross-domain-policy>
        <allow-access-from domain="*"/>
-       <allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+       <allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>
index 52e8397..669cae3 100644 (file)
@@ -3,8 +3,5 @@
 
 <cross-domain-policy>
        <allow-access-from domain="*"/>
-       <allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+       <allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>