author Tim Burke <tim.burke@gmail.com> 2023-04-18 14:19:31 -0700
committer Alistair Coles <alistairncoles@gmail.com> 2023-04-19 12:03:27 +0100
commit ed1f5193e5e69cb19eafa55d6b4c29a4e3575b00
tree f561c5adb42368a286adea53bc1cc01c65800385 /doc
parent 4b6f54d063c33e13ced7d6dd5208921680f56ca6
docs: Clean up cross-domain doc formatting; call out CWE-942
Change-Id: I7ab605d48972e8dc06e630d160c745baeea91355
Diffstat (limited to 'doc')
-rw-r--r-- doc/source/crossdomain.rst 30
1 files changed, 22 insertions, 8 deletions
diff --git a/doc/source/crossdomain.rst b/doc/source/crossdomain.rst
index 3ea578eb5..d2d55facc 100644
--- a/doc/source/crossdomain.rst
+++ b/doc/source/crossdomain.rst
@@ -9,10 +9,12 @@ with the Swift API.
See http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html for
a description of the purpose and structure of the cross-domain policy
file. The cross-domain policy file is installed in the root of a web
-server (i.e., the path is /crossdomain.xml).
+server (i.e., the path is ``/crossdomain.xml``).
-The crossdomain middleware responds to a path of /crossdomain.xml with an
-XML document such as::
+The crossdomain middleware responds to a path of ``/crossdomain.xml`` with an
+XML document such as:
+
+.. code:: xml
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd" >
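Review bot: The spec reference on the first context line of this hunk is still a bare plain-http URL ("See http://www.adobe.com/devnet/articles/crossdomain_policy_file_spec.html for") inside a paragraph this cleanup is otherwise reformatting. Consider turning it into a named RST hyperlink, in the same style as the CWE-942 link added at the end of this patch, and confirming the target still resolves, so readers are not sent to a stale location for the policy file format.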
@@ -31,12 +33,16 @@ Configuration
To enable this middleware, add it to the pipeline in your proxy-server.conf
file. It should be added before any authentication (e.g., tempauth or
keystone) middleware. In this example ellipsis (...) indicate other
-middleware you may have chosen to use::
+middleware you may have chosen to use:
+
+.. code:: cfg
[pipeline:main]
pipeline = ... crossdomain ... authtoken ... proxy-server
-And add a filter section, such as::
+And add a filter section, such as:
+
+.. code:: cfg
[filter:crossdomain]
use = egg:swift#crossdomain
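Review bot: Literal markup is applied unevenly here: the context lines at the top of this hunk still leave proxy-server.conf, tempauth and keystone as plain text, while the other hunks wrap /crossdomain.xml and cross_domain_policy in double backticks. Suggest marking those up in the same pass, and changing "ellipsis (...) indicate" to "ellipses (...) indicate" while the sentence is being touched.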
@@ -45,11 +51,19 @@ And add a filter section, such as::
For continuation lines, put some whitespace before the continuation
text. Ensure you put a completely blank line to terminate the
-cross_domain_policy value.
+``cross_domain_policy`` value.
-The cross_domain_policy name/value is optional. If omitted, the policy
-defaults as if you had specified::
+The ``cross_domain_policy`` name/value is optional. If omitted, the policy
+defaults as if you had specified:
+
+.. code:: cfg
cross_domain_policy = <allow-access-from domain="*" secure="false" />
+.. note::
+
+ The default policy is very permissive; this is appropriate
+ for most public cloud deployments, but may not be appropriate
+ for all deployments. See also:
+ `CWE-942 <https://cwe.mitre.org/data/definitions/942.html>`__
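Review bot: The new note at the end of this hunk says the default is "very permissive" but gives the operator nothing to act on, and it does not mention that the default line shown just above it sets secure="false" in addition to domain="*". Suggest naming both attributes in the note and adding one sentence telling operators who do not want the wildcard to set ``cross_domain_policy`` to the specific domains they trust, so the CWE-942 pointer comes with a concrete mitigation rather than only a link.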