Comment 2 for bug 2016278

Tim Burke (1-tim-z) wrote :

Thank you for your report!

Swift provides operators with the ability to configure the policy they like, including returning a client error (effectively disabling cross-domain access). For more information, see https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.crossdomain

Thinking of Swift generally:

The crossdomain middleware is disabled by default. Operators need to explicitly configure it, or all requests to the /crossdomain.xml path will receive a client error.

If enabled, the crossdomain middleware is very permissive by default. This stems from its origin and continued use as a public cloud platform, where a permissive policy is appropriate. We may want to highlight the permissiveness of the default in docs.

As to the specific concern reported, this seems like something to take to Oracle -- though I would expect that, as a public cloud provider, they may well *want* a permissive policy.
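As an added illustration of the permissiveness discussed above (example code, not part of the bug report and not Swift's own code), the following Python check parses a crossdomain.xml body and flags rules that grant access to any origin or accept plain-HTTP origins. The sample bodies are constructed; the first is modelled on the `<allow-access-from domain="*" secure="false" />` value that Swift's sample proxy configuration documents as the default, which is an assumption here.

```python
import xml.etree.ElementTree as ET

# Constructed response bodies for illustration. PERMISSIVE_DEFAULT mirrors
# the documented Swift sample value (assumption):
#   cross_domain_policy = <allow-access-from domain="*" secure="false" />
PERMISSIVE_DEFAULT = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</cross-domain-policy>
"""

# A tightened policy an operator might configure instead (constructed).
RESTRICTED = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="app.example.com" secure="true" />
<allow-access-from domain="*.example.com" />
</cross-domain-policy>
"""


def assess_policy(xml_text):
    """Return a list of findings for a crossdomain.xml body.

    An empty list means every <allow-access-from> rule names a specific
    host and requires the requesting origin to use HTTPS.
    """
    root = ET.fromstring(xml_text)  # the external DTD is not fetched
    findings = []
    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        # Per the Adobe policy-file spec, 'secure' defaults to true.
        secure = rule.get("secure", "true").lower()
        if domain == "*":
            findings.append("wildcard domain: any origin may read responses")
        elif domain.startswith("*."):
            findings.append("subdomain wildcard %s" % domain)
        if secure == "false":
            findings.append("secure=false for %s: plain-HTTP origins accepted"
                            % (domain or "<unspecified>"))
    return findings


def is_permissive(xml_text):
    """True when the policy grants more than host-specific, HTTPS-only access."""
    return bool(assess_policy(xml_text))


if __name__ == "__main__":
    for name, body in (("default", PERMISSIVE_DEFAULT), ("restricted", RESTRICTED)):
        print(name, assess_policy(body) or ["no findings"])
```

Pointing the check at a live deployment means fetching `/crossdomain.xml` from the proxy and passing the body to `assess_policy`; a 4xx response there indicates the middleware is not in the pipeline at all.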