nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Drop no longer needed and too open crossdomain.xml

Browse source 
It allowed Flash apps on any domain to make requests on
behalf of a signed in user.

Thanks to Oliver Beg for the hint.
This commit is contained in:
Jonne Haß 2014-11-11 14:25:10 +01:00
parent aec00f834f
commit b4a24bd49e
2 changed files with 1 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Changelog.md
View file

@ -87,6 +87,7 @@ This is disabled by default since it requires the installation of additional pac
* Handle unset user agent when signing out [#5316](https://github.com/diaspora/diaspora/pull/5316) * Handle unset user agent when signing out [#5316](https://github.com/diaspora/diaspora/pull/5316)
* More robust URL parsing for oEmbed and OpenGraph [#5347](https://github.com/diaspora/diaspora/pull/5347) * More robust URL parsing for oEmbed and OpenGraph [#5347](https://github.com/diaspora/diaspora/pull/5347)
* Fix Publisher doesn't expand while uloading images [#3098](https://github.com/diaspora/diaspora/issues/3098) * Fix Publisher doesn't expand while uloading images [#3098](https://github.com/diaspora/diaspora/issues/3098)
* Drop unneeded and too open crossdomain.xml
## Features ## Features
* Don't pull jQuery from a CDN by default [#5105](https://github.com/diaspora/diaspora/pull/5105) * Don't pull jQuery from a CDN by default [#5105](https://github.com/diaspora/diaspora/pull/5105)

3
public/crossdomain.xml
View file

@ -1,3 +0,0 @@
<cross-domain-policy>
<allow-access-from domain="*" to-ports="*" />
</cross-domain-policy>