If you're a flash developer like me you are probably familiar with cross domain policy file. That's a file named "crossdomain.xml" that's put under root directory of your web server. If a SWF tries to access data from a domain that's not the same domain it's downloaded, flash player download this file to decide whether the attempt to access is secure. To my surprise, in Silverlight Microsoft is using exactly the same
strategy, the same
file name, and the same
file spec. Just take a look at this sample given by Microsoft:
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd
<allow-http-request-headers-from domain="*" headers="SOAPAction,Content-Type"/>
I'm not sure if crossdomain.xml has become an open SPEC, that's why I get so confused.