find any information anywhere that gives me any idea why we would want to
restrict what headers can be sent.
<cross-domain-policy>
<allow-access-from domain="*"/>
- <allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
- <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
- <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
- <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+ <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
<cross-domain-policy>
<allow-access-from domain="*"/>
- <allow-http-request-headers-from domain="*" headers="Authorization,X_HTTP_METHOD_OVERRIDE"/>
- <allow-http-request-headers-from domain="*.openstreetmap.org" headers="*"/>
- <allow-http-request-headers-from domain="*.openstreetmap.net" headers="*"/>
- <allow-http-request-headers-from domain="*.openstreetmap.com" headers="*"/>
+ <allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>