--- a/documents/crossdomain.xml +++ b/documents/crossdomain.xml @@ -3,24 +3,23 @@ <cross-domain-policy> -<!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html --> + <!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html --> -<!-- Most restrictive policy: --> - <site-control permitted-cross-domain-policies="none"/> + <!-- Most restrictive policy: --> + <site-control permitted-cross-domain-policies="none"/> - -<!-- Least restrictive policy: --> -<!-- - <site-control permitted-cross-domain-policies="all"/> - <allow-access-from domain="*" to-ports="*" secure="false"/> - <allow-http-request-headers-from domain="*" headers="*" secure="false"/> ---> -<!-- - If you host a crossdomain.xml file with allow-access-from domain="*" - and don’t understand all of the points described here, you probably - have a nasty security vulnerability. ~ simon willison ---> + <!-- Least restrictive policy: --> + <!-- + <site-control permitted-cross-domain-policies="all"/> + <allow-access-from domain="*" to-ports="*" secure="false"/> + <allow-http-request-headers-from domain="*" headers="*" secure="false"/> + --> + <!-- + If you host a crossdomain.xml file with allow-access-from domain="*" + and don’t understand all of the points described here, you probably + have a nasty security vulnerability. ~ simon willison + --> </cross-domain-policy>