From: Tom Hughes Date: Mon, 6 Oct 2008 23:21:57 +0000 (+0000) Subject: Update cross domain policy to only allow API access. X-Git-Tag: live~7685 X-Git-Url: https://git.openstreetmap.org/rails.git/commitdiff_plain/53205dbb07352948753b2703c48fe45bbccf755a?hp=ed2b100969ed54354c7f899365502105b84ee977;ds=sidebyside Update cross domain policy to only allow API access. --- diff --git a/config/lighttpd.conf b/config/lighttpd.conf index 74aa6f38f..7a9e24145 100644 --- a/config/lighttpd.conf +++ b/config/lighttpd.conf @@ -65,9 +65,17 @@ mimetype.assign = ( ".js" => "application/x-javascript", ".png" => "image/png", ".swf" => "application/x-shockwave-flash", - ".txt" => "text/plain" + ".txt" => "text/plain", + ".xml" => "text/xml" ) +# +# Force special MIME type for crossdomain.xml files +# +$HTTP["url"] =~ "/crossdomain\.xml$" { + mimetype.assign = ( ".xml" => "text/x-cross-domain-policy" ) +} + # # Enable compression of appropriate static content # diff --git a/public/api/crossdomain.xml b/public/api/crossdomain.xml new file mode 100644 index 000000000..cbc8e2546 --- /dev/null +++ b/public/api/crossdomain.xml @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/public/crossdomain.xml b/public/crossdomain.xml index 22ff5a40d..0a2ff6c5e 100644 --- a/public/crossdomain.xml +++ b/public/crossdomain.xml @@ -2,9 +2,5 @@ - - - - - - \ No newline at end of file + +