Silverlight Cross-Domain Policy Error

To reduce the risk of Cross-site forgery exploits, Silverlight by default does not allow cross-domain communication. To allow a Silverlight control to access a service in another domain the permision needs to be explicitly set.

There are two different ways to allow cross-domain access:

• A clientaccesspolicy.xml file needs to be placed at the root of the domain where the service is hosted.
• A crossdomain.xml file needs to be placed at the root of the domain where the service is hosted.

Below is an example of a clientaccesspolicy.xml file. This file's configuration will allow access from any other domain to all resources on the current domain.

    
            <?xml version="1.0" encoding="utf-8"?>
            <access-policy>
            <cross-domain-access>
                <policy>
                  <allow-from http-request-headers="SOAPAction">
                    <domain uri="*"/>
                  </allow-from>
                  <grant-to>
                    <resource path="/" include-subpaths="true"/>
                  </grant-to>
                </policy>
            </cross-domain-access>
            </access-policy>
            

Below is an example of a crossdomain.xml file. This file will allow access from any other domain.

            <?xml version="1.0"?>
            <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
            <cross-domain-policy>
                <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>
            </cross-domain-policy>
            

For more information, refer to http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx

 

 

---

Products | Support | Contact Us | Copyright Notices

© 2006-2012 All Rights Reserved. LEAD Technologies, Inc.