Hi
We currently handle the Flash based crossdomain.xml and the upcoming
Access-Control-Allow-Origin in different ways in our code. How about,
instead of setting a path to a crossdomain.xml file, we allow the user
to provide a list of allowed domains. That way, we can create a
response to /crossdomain.xml on the fly as well as correctly set
Access-Control-Allow-Origin. Also, I think we should default both of
these to only allow access from the domain the BoshServlet runs on.
If this sounds good, I'll go ahead and make the changes.
/niklas
|