Allowing flash to do what all other HTTP clients can (well, apart from the bits which...

diff --git a/public/api/crossdomain.xml b/public/api/crossdomain.xml
index cbc8e2546d6dcae91906a3a39107ce8d54a976cc..669cae37d5c1887b81fdf16a66c6c9c7322dc559 100644 (file)
--- a/public/api/crossdomain.xml
+++ b/public/api/crossdomain.xml
@@ -3,8 +3,5 @@
 
 <cross-domain-policy>
        <allow-access-from domain="*"/>
-       <allow-http-request-headers-from domain="*" headers="Authorization"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+       <allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>

diff --git a/public/oauth/crossdomain.xml b/public/oauth/crossdomain.xml
index cbc8e2546d6dcae91906a3a39107ce8d54a976cc..669cae37d5c1887b81fdf16a66c6c9c7322dc559 100644 (file)
--- a/public/oauth/crossdomain.xml
+++ b/public/oauth/crossdomain.xml
@@ -3,8 +3,5 @@
 
 <cross-domain-policy>
        <allow-access-from domain="*"/>
-       <allow-http-request-headers-from domain="*" headers="Authorization"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
-       <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+       <allow-http-request-headers-from domain="*" headers="*"/>
 </cross-domain-policy>