I am building a Silverlight client library for fluiddb, to experiment
with some ideas I have.
Silverlight and Flash are browser plugins, and both prevent calling
'services' on domains other than that which the application is served,
unless the owner of the 'service' puts in place a cross domain policy
file. It is an 'opt-in' security strategy.
I have encountered this issue when testing my Silverlight
implementation. I can see by watching the network traffic, that
Silverlight looks for
http://sandbox.fluidinfo.com/clientaccesspolicy.xml
and if that can't be found, it looks for
http://sandbox.fluidinfo.com/crossdomain.xml
I am seeing a 404 error in both cases.
Silverlight can use either clientaccesspolicy.xml or the Flash
crossdomain.xml. Therefore I think this issue could be solved for
both Flash and Silverlight clients, by adding a file called
crossdomain.xml to the root of the domain, with roughly the following
content :
<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "
http://www.macromedia.com/xml/
dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>
I am not 100% sure that headers="*" will work, particularly for Flash,
but if it doesn't then the specific allowed headers might need to be
listed.
This is explained in more detail here :
http://msdn.microsoft.com/en-us/library/cc197955%28VS.95%29.aspx
I realise that I have some other options :
1. Create a 'proxy' service on my domain that forwards the requests /
responses. However this introduces an undesirable overhead, and
affects the scalability of the app.
2. Do it via JSONP. This can be done from Silverlight, however it is
very much a hack and makes for an ugly programming model. Not to
mention that it might not be an option in the future.