| <?xml version="1.0"?> | <?xml version="1.0"?> |
| <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> | <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> |
| <cross-domain-policy> | <cross-domain-policy> |
| <!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html --> | <!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html --> |
| <!-- Most restrictive policy: --> | <!-- Most restrictive policy: --> |
| <site-control permitted-cross-domain-policies="none"/> | <site-control permitted-cross-domain-policies="none"/> |
| <!-- Least restrictive policy: --> | |
| <!-- Least restrictive policy: --> | <!-- |
| <!-- | <site-control permitted-cross-domain-policies="all"/> |
| <site-control permitted-cross-domain-policies="all"/> | <allow-access-from domain="*" to-ports="*" secure="false"/> |
| <allow-access-from domain="*" to-ports="*" secure="false"/> | <allow-http-request-headers-from domain="*" headers="*" secure="false"/> |
| <allow-http-request-headers-from domain="*" headers="*" secure="false"/> | --> |
| --> | <!-- |
| <!-- | If you host a crossdomain.xml file with allow-access-from domain="*" |
| If you host a crossdomain.xml file with allow-access-from domain="*" | and don’t understand all of the points described here, you probably |
| and don’t understand all of the points described here, you probably | have a nasty security vulnerability. ~ simon willison |
| have a nasty security vulnerability. ~ simon willison | --> |
| --> | |
| </cross-domain-policy> | </cross-domain-policy> |