clientaccesspolicy.xml :
<?xml version="1.0" encoding="utf-8"?> <access-policy> <cross-domain-access> <policy> <allow-from http-request-headers="*"> <domain uri="*" /> </allow-from> <grant-to> <resource path="/" include-subpaths="true" /> </grant-to> </policy> </cross-domain-access> </access-policy>
crossdomain.xml :
<?xml version="1.0"?> <!DOCTYPE cross-domain-policy> <cross-domain-policy> <allow-http-request-headers-from domain="*" headers="*" secure="true" /> </cross-domain-policy>
Nothing special here, the standard configuration of millions of WCF services to allow Silverlight clients to access them. Unfortunately, this setting does not work in the environment in which I was deployed. The pre-production environment used to test the deployment is configured the same way to live (or sysadmins, respectively), and everything works fine, so I got so confused.
I had one of sysadmins that traced a request from a Silverlight client using HTTPDebuggerPro, and it shows that the client retrieves both clientaccesspolicy.xml and crossdomain.xml without any problems (HTTP status 200). However, after requesting these files, the client tries to make a call to the service and immediately receives a CrossDomainException .
I also tried to get system administrators to add the WCF service URL to the Internet Explorer "Allowed Sites" list in the field where the Silverlight client is located (as per the last sentence of the last paragraph from http://blogs.msdn.com/b/ fiddler / archive / 2010/11/22 / fiddler-and-silverlight-cross-zone-cross-domain-requests.aspx ), but that didn't work either.
HALP!
source share