Silverlight - ClientAccessPolicy.xml Syntax

Question

I'm trying to communicate with an Apache web server in a cross-domain way.

I have a clientaccesspolicy.xml file set up on the root of the domain and it is successfully retrieved by the Silverlight client when attempting to make a GET request to a Java servlet that's been set up.

The specifics are something like this:

URL to access: dev.corp.companyname.com/servlets/targetServlet

The clientaccesspolicy.xml file looks like this:

<access-policy> 
  <cross-domain-access> 
    <policy> 
      <allow-from http-request-headers ="*"> 
        <domain uri ="http://*" /> 
      </allow-from > 
      <grant-to > 
        <resource path ="servlets/targetServlet" include-subpaths ="false"/> 
      </grant-to> 
    </policy > 
  </cross-domain-access> 
</access-policy> 

I'm getting the common SecurityException with "Security Error" as it's message. I assume this means that the clientaccesspolicy.xml file is set up correctly.

So here are the questions: Should

<domain uri ="http://*" />

be

<domain uri ="*" />

Also. Should

<resource path ="servlets/targetServlet" include-subpaths ="false"/> 

be

<resource path ="/servlets/targetServlet" include-subpaths ="false"/>

Answer 1

You should use <domain uri ="*" /> if you want to enable all http and https callers. <domain uri ="http://*" /> will only enable all http callers.

Use <resource path ="/servlets/targetServlet" include-subpaths ="false"/> to define a path from the root of the site with no access to any sub directories. Use this to be specific and not releative. From Network Security Access Restrictions in Silverlight

The attribute is the URI relative to root of the domain. It refers to a specific path that can represent a web service or a file.

The path cannot contain wildcard characters or characters not recognized by Uniform Resource Identifier (URI): Generic Syntax, http://ietf.org/rfc/rfc3986

This element and attribute are used solely for requests from WebClient and HTTP classes.