From 53205dbb07352948753b2703c48fe45bbccf755a Mon Sep 17 00:00:00 2001 From: Tom Hughes Date: Mon, 6 Oct 2008 23:21:57 +0000 Subject: [PATCH] Update cross domain policy to only allow API access. --- config/lighttpd.conf | 10 +++++++++- public/api/crossdomain.xml | 10 ++++++++++ public/crossdomain.xml | 8 ++------ 3 files changed, 21 insertions(+), 7 deletions(-) create mode 100644 public/api/crossdomain.xml diff --git a/config/lighttpd.conf b/config/lighttpd.conf index 74aa6f38f..7a9e24145 100644 --- a/config/lighttpd.conf +++ b/config/lighttpd.conf @@ -65,9 +65,17 @@ mimetype.assign = ( ".js" => "application/x-javascript", ".png" => "image/png", ".swf" => "application/x-shockwave-flash", - ".txt" => "text/plain" + ".txt" => "text/plain", + ".xml" => "text/xml" ) +# +# Force special MIME type for crossdomain.xml files +# +$HTTP["url"] =~ "/crossdomain\.xml$" { + mimetype.assign = ( ".xml" => "text/x-cross-domain-policy" ) +} + # # Enable compression of appropriate static content # diff --git a/public/api/crossdomain.xml b/public/api/crossdomain.xml new file mode 100644 index 000000000..cbc8e2546 --- /dev/null +++ b/public/api/crossdomain.xml @@ -0,0 +1,10 @@ + + + + + + + + + + diff --git a/public/crossdomain.xml b/public/crossdomain.xml index 22ff5a40d..0a2ff6c5e 100644 --- a/public/crossdomain.xml +++ b/public/crossdomain.xml @@ -2,9 +2,5 @@ - - - - - - \ No newline at end of file + + -- 2.43.2