400 bad requests now returning http headers? ( crossdomain.xml )

Thaxll nginx-forum at nginx.us
Tue Jun 10 18:49:58 UTC 2014


I'm using Nginx to serve a file called crossdomain.xml, that file is used by
Flash client to allow socket crossdomain Policy. It's a trick that many
people are using instead of having a dedicated app to server that file. The
trick is to return that xml file when nginx get a bad request. Since a
recent version ( 1.4.7+ ) it seems that a bad request replies include HTTP
headers and therefore breaking the Flash client ( instead of returning only
the data without headers ). Is there a way to remove those headers? Also I
searched in the changelog and didn't find any hints about that change?

Example: perl -e 'printf "<policy-file-request/>%c",0' | nc test.com 843

HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 10 Jun 2014 18:44:00 GMT
Content-Type: text/xml
Content-Length: 308
Connection: close
ETag: "5385f727-134"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
<allow-access-from domain="*" secure="false" to-ports="*"/>  
<site-control permitted-cross-domain-policies="master-only" />  


Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250772,250772#msg-250772

More information about the nginx mailing list