Cross Domain Policy Extras

Today's post wraps up the series on cross-domain policy files with some side stories that you probably don't have to deal with when using WCF in Silverlight.

I've been giving all of the examples using the defined Silverlight policy format. However, if the host you’re trying to connect to doesn't have a policy defined for Silverlight, then the client will fall back and check to see if the host has the equivalent cross-domain policy file used by Adobe Flash.

The Adobe Flash policy format is slightly simpler and is located in a file called crossdomain.xml instead of clientaccesspolicy.xml. Both files are expected to be located at the root of the domain. If the host returns a response for the Silverlight policy file, then the Adobe Flash policy file will not be checked.

Just like I gave you the DTD for the Silverlight policy format, here's the DTD for the Adobe Flash policy format.

<!ELEMENT cross-domain-policy (site-control?,allow-access-from*,allow-http-request-headers-from*)>
<!ELEMENT site-control EMPTY>
<!ATTLIST site-control permitted-cross-domain-policies (all|by-content-type|by-ftp-filename|master-only|none) #REQUIRED>
<!ELEMENT allow-access-from EMPTY>
<!ATTLIST allow-access-from domain CDATA #REQUIRED>
<!ATTLIST allow-access-from to-ports CDATA #IMPLIED>
<!ATTLIST allow-access-from secure (true|false) "true">
<!ELEMENT allow-http-request-headers-from EMPTY>
<!ATTLIST allow-http-request-headers-from domain CDATA #REQUIRED>
<!ATTLIST allow-http-request-headers-from headers CDATA #REQUIRED>
<!ATTLIST allow-http-request-headers-from secure (true|false) "true">
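
A conformance check for a crossdomain.xml document against the DTD above, added here as an example that is not from the original post. The names `check_policy`, `ATTRS` and `SAMPLE`, and the host name in the sample policy, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

BOOL = ("true", "false")
# Transcribed from the DTD above: attribute -> (required, allowed values, default).
ATTRS = {
    "site-control": {"permitted-cross-domain-policies": (
        True, ("all", "by-content-type", "by-ftp-filename", "master-only", "none"), None)},
    "allow-access-from": {"domain": (True, None, None),
                          "to-ports": (False, None, None),
                          "secure": (False, BOOL, "true")},
    "allow-http-request-headers-from": {"domain": (True, None, None),
                                        "headers": (True, None, None),
                                        "secure": (False, BOOL, "true")},
}
ORDER = list(ATTRS)  # child sequence required by the cross-domain-policy content model

def check_policy(xml_text):
    """Return (errors, entries); entries carry attributes with DTD defaults applied."""
    errors, entries, last = [], [], 0
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        return [f"unexpected root element <{root.tag}>"], entries
    for el in root:
        if el.tag not in ATTRS:
            errors.append(f"<{el.tag}> is not declared in the DTD")
            continue
        pos = ORDER.index(el.tag)
        if pos < last or (el.tag == "site-control" and entries):
            errors.append(f"<{el.tag}> is out of order or repeated")
        last = max(last, pos)
        if len(el) or (el.text or "").strip():
            errors.append(f"<{el.tag}> must be EMPTY")
        effective = {}
        for name, (required, allowed, default) in ATTRS[el.tag].items():
            value = el.get(name, default)
            if value is None and required:
                errors.append(f"<{el.tag}> is missing required attribute {name}")
            elif allowed and value is not None and value not in allowed:
                errors.append(f"<{el.tag}> {name}={value!r} is not one of {allowed}")
            if value is not None:
                effective[name] = value
        for name in sorted(set(el.attrib) - set(ATTRS[el.tag])):
            errors.append(f"<{el.tag}> has undeclared attribute {name}")
        entries.append((el.tag, effective))
    return errors, entries

SAMPLE = """<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only"/>
  <allow-access-from domain="app.example.com"/>
</cross-domain-policy>"""  # constructed sample; 'secure' is omitted on purpose
```

Calling `check_policy(SAMPLE)` returns no errors and shows `secure` resolved to its DTD default of "true". The standard-library parser is suitable for policy files you control; for files fetched from other hosts, use a hardened XML parser.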

The other part of policy that I didn't talk about was the policy used for socket resources. Currently there is no TCP channel for WCF in Silverlight, so including a policy for socket connections wouldn't be of much use for web services. However, here are the differences between HTTP and TCP resources.

Instead of a resource path, you have a socket-resource port and protocol. The socket-resource port is the range of ports that the domain is allowed to make connections to. Additionally, there is a restriction that the allowed port range has to be within the range of ports 4502 to 4534. The socket-resource protocol is equivalent to the scheme, except in this case the only value supported currently is "tcp". If we added TCP support to WCF in Silverlight, then we'd probably define our own "net.tcp" scheme similar to what we do on the desktop.

Next time: Ephemeral Port Limits
