From c192b950213ceeab7e5d28019f3a702ed464be7a Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Wed, 30 Sep 2009 23:47:26 +0000
Subject: [PATCH] Open up crossdomain policy to allow all headers from
 everywhere as I can't find any information anywhere that gives me any idea
 why we would want to restrict what headers can be sent.

---
 public/api/crossdomain.xml   | 5 +----
 public/oauth/crossdomain.xml | 5 +----
 2 files changed, 2 insertions(+), 8 deletions(-)

diff --git a/public/api/crossdomain.xml b/public/api/crossdomain.xml
index 52e8397a3..669cae37d 100644
--- a/public/api/crossdomain.xml
+++ b/public/api/crossdomain.xml
@@ -3,8 +3,5 @@
 
 <cross-domain-policy>
 	<allow-access-from domain="*"/>
-	<allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+	<allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>
diff --git a/public/oauth/crossdomain.xml b/public/oauth/crossdomain.xml
index 52e8397a3..669cae37d 100644
--- a/public/oauth/crossdomain.xml
+++ b/public/oauth/crossdomain.xml
@@ -3,8 +3,5 @@
 
 <cross-domain-policy>
 	<allow-access-from domain="*"/>
-	<allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-	<allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+	<allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>
-- 
2.43.2