added some extra wording to crossdomain.xml

zhj3618 · Oct 23, 2010 · 73489ab · 73489ab
1 parent 7914e53
commit 73489ab
Showing 1 changed file with 13 additions and 1 deletion.
diff --git a/crossdomain.xml b/crossdomain.xml
@@ -1,13 +1,25 @@
 <?xml version="1.0"?>
 <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
 <cross-domain-policy>
-<!-- README: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html -->
+
+
+<!-- Read this: www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html -->
+
 <!-- Most restrictive policy: -->
 	<site-control permitted-cross-domain-policies="none"/>
+
+
+
 <!-- Least restrictive policy: -->
 <!--
 	<site-control permitted-cross-domain-policies="all"/>
 	<allow-access-from domain="*" to-ports="*" secure="false"/>
 	<allow-http-request-headers-from domain="*" headers="*" secure="false"/>
 -->
+<!--
+  If you host a crossdomain.xml file with allow-access-from domain=“*” 	 	
+  and don’t understand all of the points described here, you probably 	 	
+  have a nasty security vulnerability. ~ simon willison
+-->
+
 </cross-domain-policy>