I have a website configured which have a crossdomain.xml file. Recently I read about site control cross domain policy vulnerability, so I want to know , how a secure crossdomain.xml file look like, and is my crossdomain.xml file right?
My crossdomain.xml file contains:
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
Do <site-control permitted-cross-domain-policies="master-only" /> makes any difference.
Aucun commentaire:
Enregistrer un commentaire