X-Permitted-Cross-Domain-Policies & Referrer-Policy
In this lesson, we'll study a couple of headers.
Related to CORS, the X-Permitted-Cross-Domain-Policies header targets cross-domain policies for Adobe products, namely Flash and Acrobat.
I won’t go too much into the details, as this is a header that targets very specific use cases, but, long story short, Adobe products handle cross-domain requests through a crossdomain.xml file in the root of the domain the request is targeting. The X-Permitted-Cross-Domain-Policies header defines policies to access this file.
Sounds complicated? I would simply suggest adding an X-Permitted-Cross-Domain-Policies: none header and ignoring clients wanting to make cross-domain requests with Flash.
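One way to apply and verify this recommendation in a Node.js application, as an added example that is not part of the original lesson. The function names and `app` are hypothetical, and the header values other than `none` come from Adobe's cross-domain policy specification rather than from this page.

```javascript
const HEADER = 'X-Permitted-Cross-Domain-Policies';
// Values from Adobe's cross-domain policy specification (only "none" appears in the lesson).
const KNOWN_VALUES = ['none', 'master-only', 'by-content-type', 'by-ftp-filename', 'all'];

// Hypothetical helper: wraps a Node.js (req, res) handler so that every
// response carries the header before the handler runs.
function withCrossDomainPolicyNone(handler) {
  return (req, res) => {
    res.setHeader(HEADER, 'none');
    return handler(req, res);
  };
}

// Hypothetical helper: audits a response-header object such as the
// `headers` property of a Node.js http response (lower-cased names).
function auditPolicyHeader(headers) {
  const name = Object.keys(headers).find((k) => k.toLowerCase() === HEADER.toLowerCase());
  if (name === undefined) return { ok: false, reason: 'header missing' };
  // A header sent twice may arrive as an array or as one comma-joined string.
  const values = [].concat(headers[name])
    .flatMap((v) => String(v).split(','))
    .map((v) => v.trim().toLowerCase())
    .filter((v) => v !== '');
  if (values.length === 0) return { ok: false, reason: 'header empty' };
  const unknown = values.find((v) => !KNOWN_VALUES.includes(v));
  if (unknown !== undefined) return { ok: false, reason: `unknown value: ${unknown}` };
  const permissive = values.find((v) => v !== 'none');
  if (permissive !== undefined) return { ok: false, reason: `policy files permitted: ${permissive}` };
  return { ok: true, reason: 'no policy files permitted' };
}

// Usage with the built-in http module (app is your own request handler):
//   require('http').createServer(withCrossDomainPolicyNone(app)).listen(8080);

// Constructed sample header sets, audited when this file runs.
const samples = [
  { 'x-permitted-cross-domain-policies': 'none' },
  { 'x-permitted-cross-domain-policies': 'master-only' },
  { 'content-type': 'text/html' },
];
for (const h of samples) console.log(JSON.stringify(h), '->', auditPolicyHeader(h).reason);
```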
In 2017, Adobe announced it would discontinue support for Flash, meaning you most ...