From b4a24bd49e2a7f4b4ab75050dfba06f61bb2b9f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonne=20Ha=C3=9F?= Date: Tue, 11 Nov 2014 14:25:10 +0100 Subject: [PATCH] Drop no longer needed and too open crossdomain.xml It allowed Flash apps on any domain to make requests on behalf of a signed in user. Thanks to Oliver Beg for the hint. --- Changelog.md | 1 + public/crossdomain.xml | 3 --- 2 files changed, 1 insertion(+), 3 deletions(-) delete mode 100644 public/crossdomain.xml diff --git a/Changelog.md b/Changelog.md index fb161ac08..f54a11d5b 100644 --- a/Changelog.md +++ b/Changelog.md @@ -87,6 +87,7 @@ This is disabled by default since it requires the installation of additional pac * Handle unset user agent when signing out [#5316](https://github.com/diaspora/diaspora/pull/5316) * More robust URL parsing for oEmbed and OpenGraph [#5347](https://github.com/diaspora/diaspora/pull/5347) * Fix Publisher doesn't expand while uloading images [#3098](https://github.com/diaspora/diaspora/issues/3098) +* Drop unneeded and too open crossdomain.xml ## Features * Don't pull jQuery from a CDN by default [#5105](https://github.com/diaspora/diaspora/pull/5105) diff --git a/public/crossdomain.xml b/public/crossdomain.xml deleted file mode 100644 index 6c5ca91c4..000000000 --- a/public/crossdomain.xml +++ /dev/null @@ -1,3 +0,0 @@ - - -
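Review bot: In the Changelog.md hunk, the added entry `* Drop unneeded and too open crossdomain.xml` does not say that this is a security fix, and unlike the three entries above it carries no issue or pull request reference. The commit message states that the file allowed Flash apps on any domain to make requests on behalf of a signed in user. I would put that impact into the changelog line so pod administrators can tell that the upgrade matters, and add a reference if one exists.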
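Review bot: In the public/crossdomain.xml deletion, nothing in the patch guards against a permissive policy file being reintroduced. The diffstat lists only Changelog.md and the deleted file, so no spec accompanies the change. I would add a request test asserting that /crossdomain.xml is no longer served. Because the file lived under public/, deployments should also confirm after upgrading that a front-end web server or cache is not still handing out an old copy.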