I've successfully created and am currently using a clientaccesspolicy.xml file to expose my WCF to my Silverlight client, with an allow-from domain uri of http://*. I'd like to tighten it up by using a more specific uri like http://www.foobar.com or http://*.foobar.com, but when I use those uris, I get SecurityExceptions in my Silverlight client.
For reference, here is the currently working clientaccesspolicy.xml:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>
I've tried changing http-request-headers to "*" to no avail. And I've verified that wildcard uris (and resource paths) work for me when securing non-WCF resources like .txts or .pngs. My clientaccesspolicy.xml is living in the same directory as the .svc.
I can't use a crossdomain.xml, as that doesn't allow specific uris (see http://msdn.microsoft.com/en-us/library/cc838250(VS.95).aspx).
Thanks!
