--- a/documents/crossdomain.xml +++ b/documents/crossdomain.xml @@ -1,1 +1,26 @@ +<?xml version="1.0"?> +<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> +<cross-domain-policy> + +<!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html --> + +<!-- Most restrictive policy: --> + <site-control permitted-cross-domain-policies="none"/> + + + +<!-- Least restrictive policy: --> +<!-- + <site-control permitted-cross-domain-policies="all"/> + <allow-access-from domain="*" to-ports="*" secure="false"/> + <allow-http-request-headers-from domain="*" headers="*" secure="false"/> +--> +<!-- + If you host a crossdomain.xml file with allow-access-from domain="*" + and don’t understand all of the points described here, you probably + have a nasty security vulnerability. ~ simon willison +--> + +</cross-domain-policy> +