<cross-domain-policy>
<allow-access-from domain="*"/>
- <allow-http-request-headers-from domain="*" headers="Authorization"/>
- <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
- <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
- <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+ <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>