Drop no longer needed and too open crossdomain.xml

It allowed Flash apps on any domain to make requests on behalf of a signed in user. Thanks to Oliver Beg for the hint.
2014-11-11 14:25:10 +01:00 · 2014-11-11 14:25:10 +01:00 · b4a24bd49e
commit b4a24bd49e
parent aec00f834f
2 changed files with 1 additions and 3 deletions
--- a/Changelog.md
+++ b/Changelog.md
@ -87,6 +87,7 @@ This is disabled by default since it requires the installation of additional pac
 * Handle unset user agent when signing out [#5316](https://github.com/diaspora/diaspora/pull/5316)
 * More robust URL parsing for oEmbed and OpenGraph [#5347](https://github.com/diaspora/diaspora/pull/5347)
 * Fix Publisher doesn't expand while uloading images [#3098](https://github.com/diaspora/diaspora/issues/3098)
+* Drop unneeded and too open crossdomain.xml

 ## Features
 * Don't pull jQuery from a CDN by default [#5105](https://github.com/diaspora/diaspora/pull/5105)
--- a/public/crossdomain.xml
+++ b/public/crossdomain.xml
@ -1,3 +0,0 @@
-<cross-domain-policy>
-     <allow-access-from domain="*" to-ports="*" />
-</cross-domain-policy>