0

I have a RESTlike API that I want to access from Silverlight. It needs to support the following:

  • All requests are made over SSL
  • Allow GET, POST, PUT, DELETE (or just any)
  • Allow any request headers
  • Allow requests from any host

Pretty much wide open. I'm a little confused by the docs so does anyone have an example of what it might look like?

John Sheehan
  • 77,456
  • 30
  • 160
  • 194

3 Answers3

2

Something wide-open but only allowing https and not http would look something like this and would need to be named clientaccesspolicy.xml and placed in the web root: 

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*" http-methods="*">
        <domain uri="https://*" />
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>

If you want to allow both http and https access you need to explicitly list both of them under the allow-from node as it is opt-in and a simple * wildcard will not work for SSL.

Edit: Added http-methods="*" per John's comment to allow methods other than GET and POST.

Dan Auclair
  • 3,607
  • 25
  • 32
  • Do you know if I need to add http-methods="*" to the allow-from element? – John Sheehan Oct 25 '10 at 23:05
  • Hey John, you are right. If you don't add the http-methods="*" you are only allowing GET and POST... that was an oversight on my part. I'll update my answer. Found the info here if you are curious: http://msdn.microsoft.com/en-us/library/cc645032(VS.95).aspx – Dan Auclair Oct 26 '10 at 15:43
1

Here is the MSDN Documentation on the matter: Making a Service Available Across Domain Boundaries.

cory-fowler
  • 4,020
  • 2
  • 18
  • 29
1

Some hints on where to get started:

John Sheehan
  • 77,456
  • 30
  • 160
  • 194
Jon Galloway
  • 52,327
  • 25
  • 125
  • 193