Hi all.
Does anyone here know what the deal is with upload.wikimedia.org/crossdomain.xml ? I couldn't find it anywhere in the puppet repository. I was under the impression that it was so cortado java applet could play video files. However its current value is:
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> <allow-http-request-headers-from domain="*" headers="X-Range" /> </cross-domain-policy>
And java (or at least some versions. Docs are a bit scarce. The old version I have installed - 1.6.0_12 follows this at any rate), seem to indicate that java doesn't support the "allow-http-request-headers-from" element, and will ignore the file if present. Thus if you get past the whole applet is unsigned (not easy on modern java), you will be burned by the same origin policy preventing loading from upload.wikimedia.org since java doesn't like the crossdomain.xml
Thus I'm wondering what the "<allow-http-request-headers-from domain="*" headers="X-Range" />" is for. What else do we use that looks at this file? (Flash would be the most obvious candidate for using such a file. ). Why would it want to allow an "X-Range" header anyways? Isn't the header named "Range" without the X- ? In my quick test, sending an x-range header did nothing.
--bawolff