Comments on: Silverlight HTTP Networking Stack – Part 3 (Configuring a Cross Domain Policy File)

By: Recent Links: ASP.NET, ASP.NET AJAX, ASP.NET MVC, Silverlight « Tad Wang’s Weblog

Fri, 18 Dec 2009 20:26:21 +0000

[...] HTTP Networking Stack (Part 1), (Part 2), (Part 3): Karen Corby from the Silverlight team has a great three part blog series that talks about the new [...]

By: Arthur

Arthur — Mon, 22 Sep 2008 07:00:15 +0000

crossdomain.xml not working:

I have created a simple service and hosted it on my local IIS.
when i try to access it from another site i get 404 error.
ClientAccessPolicy.xml works great, but if i remove it an use only crossdomain.xml it doesn’t.
Why is that?

I have used you format of crossdomain.xml and the one posted at http://msdn.microsoft.com/en-us/library/cc645049(VS.95).aspx#cross_domain_policy

By: Karen

Karen — Tue, 17 Jun 2008 17:14:13 +0000

Excellent catch.. yes, that is a typo. It should be in the tag. I’ve updated this post.

By: Paul Muston

Paul Muston — Tue, 17 Jun 2008 15:38:42 +0000

In example 1 you have the http-request-headers=”Content-Type” in element – is this correct?
http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx shows it in the element. Typo – you are also self closing the element.

By: Steve

Steve — Wed, 11 Jun 2008 06:38:53 +0000

I would like to see an code example using YouTube or at least know why it cannot be created.

By: Masaki(JP)

Masaki(JP) — Wed, 21 May 2008 01:05:15 +0000

Great!
Can I translate to Japanese, and carry to my blog?

By: srinath

srinath — Wed, 30 Apr 2008 09:58:48 +0000

Great article! Thanks.
Minor bug: It should be “uri” in example 2 (“i” missing).
Question: Is there a way to explictly deny access to a subpath while giving access to a path.

By: Mike Amundsen

Mike Amundsen — Tue, 29 Apr 2008 14:20:30 +0000

I understand that challenges and appreciate the initial work done heere to get cross-domain requests up and running. However, in-message authentication is – by nature – a security risk. Until HTTPS and Basic/Digest is properly supported, it is much wiser to simply *not* expose private content via cross-domain requests.

By: Peter Bromberg

Peter Bromberg — Thu, 24 Apr 2008 00:21:57 +0000

This is great stuff! But why do people insist on posting sample code with line numbers at the left? If i want to copy the code, then I have to go and remove all the line numbers before I can use it!