To reduce the risk of Cross-site forgery exploits, Silverlight by default does not allow cross-domain communication. To allow a Silverlight control to access a service in another domain the permision needs to be explicitly set.
There are two different ways to allow cross-domain access:
- A clientaccesspolicy.xml file needs to be placed at the root of the domain where the service is hosted.
- A crossdomain.xml file needs to be placed at the root of the domain where the service is hosted.
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="SOAPAction"> <domain uri="*"/> </allow-from> <grant-to> <resource path="/" include-subpaths="true"/> </grant-to> </policy> </cross-domain-access> </access-policy>
Below is an example of a crossdomain.xml file. This file will allow access from any other domain.
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/> </cross-domain-policy>
For more information, refer to http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx