Products | Support | Email a link to this topic. | Send comments on this topic. | Back to Introduction | Help Version 19.0.7.12
|
To reduce the risk of Cross-site forgery exploits, Silverlight by default does not allow cross-domain communication. To allow a Silverlight control to access a service in another domain the permission needs to be explicitly set.
There are two different ways to allow cross-domain access:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
Below is an example of a crossdomain.xml file. This file will allow access from any other domain.
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>
</cross-domain-policy>
For more information, refer to http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx