silverlight / flash clients

1 view
Skip to first unread message

ross

unread,
May 31, 2010, 11:25:25 PM5/31/10
to FluidDB Discuss
I am building a Silverlight client library for fluiddb, to experiment
with some ideas I have.

Silverlight and Flash are browser plugins, and both prevent calling
'services' on domains other than that which the application is served,
unless the owner of the 'service' puts in place a cross domain policy
file. It is an 'opt-in' security strategy.

I have encountered this issue when testing my Silverlight
implementation. I can see by watching the network traffic, that
Silverlight looks for

http://sandbox.fluidinfo.com/clientaccesspolicy.xml

and if that can't be found, it looks for

http://sandbox.fluidinfo.com/crossdomain.xml

I am seeing a 404 error in both cases.

Silverlight can use either clientaccesspolicy.xml or the Flash
crossdomain.xml. Therefore I think this issue could be solved for
both Flash and Silverlight clients, by adding a file called
crossdomain.xml to the root of the domain, with roughly the following
content :

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/
dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>

I am not 100% sure that headers="*" will work, particularly for Flash,
but if it doesn't then the specific allowed headers might need to be
listed.

This is explained in more detail here :

http://msdn.microsoft.com/en-us/library/cc197955%28VS.95%29.aspx

I realise that I have some other options :

1. Create a 'proxy' service on my domain that forwards the requests /
responses. However this introduces an undesirable overhead, and
affects the scalability of the app.

2. Do it via JSONP. This can be done from Silverlight, however it is
very much a hack and makes for an ugly programming model. Not to
mention that it might not be an option in the future.

Esteve Fernandez

unread,
Jun 3, 2010, 12:09:51 PM6/3/10
to fluiddb...@googlegroups.com
Hi Ross,

[I forgot to reply Ross here. BTW the idea of a Silverlight client is
awesome :-)]

On Tue, Jun 1, 2010 at 5:25 AM, ross <rjem...@gmail.com> wrote:
> Silverlight can use either clientaccesspolicy.xml or the Flash
> crossdomain.xml.  Therefore I think this issue could be solved for
> both Flash and Silverlight clients, by adding a file called
> crossdomain.xml to the root of the domain, with roughly the following
> content :

We've already checked in a crossdomain.xml file in FluidDB's source
tree with the contents you sent us, and it will be in the next release
(which I'm hoping will happen pretty soon).

Thanks a lot Ross!

Esteve Fernandez

unread,
Jun 20, 2010, 4:24:51 PM6/20/10
to fluiddb...@googlegroups.com
Hi again,

Ross, we just put a crossdomain.xml file in the sandbox
(http://sandbox.fluidinfo.com) with the contents you told us. Could
you check if it works for you?

Thanks a lot!

ross jempson

unread,
Jun 20, 2010, 10:12:21 PM6/20/10
to fluiddb...@googlegroups.com
Sure. I'll try it this evening and let you know.
Reply all
Reply to author
Forward
0 new messages