0

I have a silverlight app which try to access another site(hosted on JBOSS or Tomcat) by following way:

WebClient proxy;

//......
proxy.DownloadStringAsync(url);  //this url point another site hosted by JBOSS or Tomcat with http. https not available for this site.

Silverlight is accessed with https. When I run the silverlight app and try to access another site, got message as below in popup:

Display mixed content?

then either choose Yea/No, the browser is crashed.

If I use http to access my silverlight app, every thing is fine.

Then this problem is supposed as crossdomain problem. A cross-domain xml file can be put on the JBOSS or Tomcat site. Not sure what the the policy file looks like. Any sample policy xml file for this case? Then I can put it on JBoss or Tomcat site and test it?

Comments: Found out and will try.

KentZhou
  • 24,805
  • 41
  • 134
  • 200

1 Answers1

0

First, you only need clientaccesspolicy.xml for Silverlight (and it has more features). crossdomain.xml is an older security access model with compatibility for Flash etc

Second, the file must be in the root of the https site, as that is not the same as the http site. You need in on both sites if both the http and https sites are accessed by your app.

Thirdly, if you are still having problems, add https explicitly to the config. e.g. with

 <allow-from>
      <domain uri="http://*">
      <domain uri="https://*">
 </allow-from>)

This page on Network Security Access Restrictions in Silverlight has more detail of the options

Example file:

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <!--Enables Silverlight 3+ all methods -->
    <policy>
      <allow-from http-methods="*">      
          <domain uri="http://*">
          <domain uri="https://*">
      </allow-from>      
      <grant-to>      
        <resource path="/api" include-subpaths="true"/>
      </grant-to>      
    </policy>
    <!--Enables Silverlight 2 clients to continue to work normally -->
    <policy>
      <allow-from >      
          <domain uri="http://*">
          <domain uri="https://*">
      </allow-from>      
      <grant-to>      
        <resource path="/api" include-subpaths="true"/>
      </grant-to>      
    </policy>
  </cross-domain-access>
</access-policy>
iCollect.it Ltd
  • 92,391
  • 25
  • 181
  • 202