github/diaspora
1
1
Fork 0
mirror of https://github.com/diaspora/diaspora.git synced 2026-01-10 07:38:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

Drop no longer needed and too open crossdomain.xml

Browse Source 
It allowed Flash apps on any domain to make requests on
behalf of a signed in user.

Thanks to Oliver Beg for the hint.
This commit is contained in:
Jonne Haß
2014-11-11 14:25:10 +01:00
parent aec00f834f
commit b4a24bd49e
2 changed files with 1 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
Changelog.md
View File

@@ -87,6 +87,7 @@ This is disabled by default since it requires the installation of additional pac
* Handle unset user agent when signing out [#5316](https://github.com/diaspora/diaspora/pull/5316)
* More robust URL parsing for oEmbed and OpenGraph [#5347](https://github.com/diaspora/diaspora/pull/5347)
* Fix Publisher doesn't expand while uloading images [#3098](https://github.com/diaspora/diaspora/issues/3098)
* Drop unneeded and too open crossdomain.xml
## Features
* Don't pull jQuery from a CDN by default [#5105](https://github.com/diaspora/diaspora/pull/5105)

3
public/crossdomain.xml
View File

@@ -1,3 +0,0 @@
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>