Hi,

I'm using Nginx to serve a file called crossdomain.xml, that file is used by Flash client to allow socket crossdomain Policy. It's a trick that many people are using instead of having a dedicated app to server that file. The trick is to return that xml file when nginx get a bad request. Since a recent version ( 1.4.7+ ) it seems that a bad request replies include HTTP headers and therefore breaking the Flash client ( instead of returning only the data without headers ). Is there a way to remove those headers? Also I searched in the changelog and didn't find any hints about that change?

Example: perl -e 'printf "<policy-file-request/>%c",0' | nc test.com 843

HTTP/1.1 400 Bad Request
Server: nginx
Date: Tue, 10 Jun 2014 18:44:00 GMT
Content-Type: text/xml
Content-Length: 308
Connection: close
ETag: "5385f727-134"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" to-ports="*"/>
<site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>

Regards,