tags:

views:

1950

answers:

3
Q: 

Cross Domain security error in Silverlight?

I'm trying to read a feed from Yahoo Pipes into a Silverlight Application. I keep getting a SecurityException, which sounds like a cross domain policy problem, but Yahoo pipes, if you go through the pipes.yahooapis domain, has a cross domain policy, so should be ok. I tried the exact same code, but going to the Digg API, and it works fine (although this is rest rather than an rss feed). Could my error have nothing to do with Cross Domain policies?

I use the following code for the web request :

 WebClient wc = new WebClient();    
 wc.DownloadStringAsyncCompleted += new DownloadStringCompletedEventHandler(wc_DlStrCompleted);    
 wc.DownloadStringAsync(new Uri(yahooPipesUrl));

The exception I get is a System.Security.SecurityException.

The url I'm trying is this one

http://pipes.yahooapis.com/pipes/pipe.run?_id=4rBri9Ef3RG8CEGLLe2fWQ&_render=rss&feedUrl=http://feeds.feedburner.com/follesoe

A: 

There is no Client Access policy file at http://pipes.yahoo.com/crossdomain.xml or http://pipes.yahoo.com/clientaccesspolicy.xml

Therefore the SecurityException is correct behavior.

What is the exact URL that you are trying to access?

Michael S. Scherotter  2009-01-09 16:14:47
try ttp://pipes.yahooapis.com/crossdomain.xml
Steve  2009-01-09 17:12:48
A: 

The crossdomain.xml policy file at http://pipes.yahooapis.com/crossdomain.xml specifies only secure (https:) requests in the allow-access-from element. See the documentation about the format here:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"&gt;
<cross-domain-policy>
  <site-control permitted-cross-domain-policies="master-only" />
  <allow-access-from domain="*" secure="true" />
</cross-domain-policy>
Michael S. Scherotter  2009-01-09 17:41:17
I understood the secure=true differently. Have a look at the one for the Digg API, http://services.digg.com/crossdomain.xml. No problem reading that.
Steve  2009-01-09 17:45:59
+2  A: 

The policy file in place is:

<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"&gt; 
<cross-domain-policy> 
  <site-control permitted-cross-domain-policies="master-only" /> 
  <allow-access-from domain="*" /> 
</cross-domain-policy>

There is a current problem that Silverlight does not work with the entire Flash Cross Domain Policy file format...I would expect that the site-control element is breaking it.

Shawn Wildermuth  2009-01-09 17:51:03
that sounds plausible. Thanks!
Steve  2009-01-09 17:52:07

related questions

Silverlight DataBinding cross thread issue
Suggestions for migrating ASP.net app from 1.1 forward
Clone a control in silverlight
How to track if browser is Silverlight enabled
Image cropping C# without .net library
Large File Download
Image processing in Silverlight 2
ASP.NET vs. Silverlight
XAML - Accessing static fields
What's the best way to display a video with rounded corners in Silverlight?
How to do crossdomain calls from Silverlight?
Databind RenderTransform Scaling in Silverlight 2 Beta 2
Custom Attribute Binding in Silverlight
What is the purpose of the 'AppManifest.xaml' file in Silverlight applications?
Silverlight programatic access to Sony RZ30N Video Feed
Silverlight vs Flex
Version detection with Silverlight
What's your top feature request for Silverlight?
How do I update my UI from within HttpWebRequest.BeginGetRequestStream in Silverlight
Upload binary data with Silverlight 2b2
In silverlight, how to you attach a changeEvent handler to an inherited dependency property?
What is the easiest way to add compression to WCF in Silverlight?
What is the value-binding syntax in xaml?
Using SQLite with Visual Studio 2008 and Silverlight
Hiding inherited members in C#