If you're a flash developer like me you are probably familiar with cross domain policy file. That's a file named "crossdomain.xml" that's put under root directory of your web server. If a SWF tries to access data from a domain that's not the same domain it's downloaded, flash player download this file to decide whether the attempt to access is secure. To my surprise, in Silverlight Microsoft is using exactly the same strategy, the same file name, and the same file spec. Just take a look at this sample given by Microsoft:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
  <allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>

I'm not sure if crossdomain.xml has become an open SPEC, that's why I get so confused.


Leave a Reply