Silverlight - Cross domain access blocked, use a server side proxy or XMLHttpRequest

Silverlight's security model prevents making a request to another domain. For instance, if you're serving a page with a Silverlight control from www.silverlight.net, the control can't make a request to maps.google.com, flickr.com, etc; the control can only call back to the silverlight.net domain. That's probably a good thing from a security perspective - it'd just be way too easy for a page to cross security zones and other bad things if a client side networking stack could communicate with any domain it wanted.

But there are some very legitimate uses of cross domain access, such as the (overused) Google map and Flickr mashup example. There are some ways around the Silverlight domain restrictions, though. The easiest way is to use a server side proxy, so the Silverlight control only talks to the site that served it, and the server side code makes cross domain requests.

If you need to make cross domain requests on the client side, though, your Silverlight control can call through the browser's JavaScript network stack using XMLHttpRequest. Firefox has a "same origin policy" for the XMLHttpRequest, but you can request expanded privileges if you sign your script. IE handles cross domain requests via security zone policy (Local, Trusted, Intranet, Internet, Restricted). Before IE7, I believe the default access was more open than Firefox; in IE7 cross domain access is denied by default to all security zones. It seems like the best general practice is to avoid client side cross domain access and use a server side proxy.
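A sketch of the server side proxy described above, added here as an example and not code from the original post. It is written in Python rather than ASP.NET, and the `/proxy/<name>/` route and the `maps` and `flickr` keys are assumptions; the point it shows is that the control picks a named upstream, never a URL, so the proxy does not become an open relay.

```python
"""Same-origin proxy: the control calls /proxy/<name>/..., the server fetches upstream."""
import posixpath
import urllib.request
from urllib.parse import quote, urlsplit
from wsgiref.simple_server import make_server

# Assumed route keys; the hosts are the ones the post uses as examples.
UPSTREAMS = {"maps": "https://maps.google.com", "flickr": "https://flickr.com"}
PREFIX = "/proxy/"

class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Refuse 3xx responses so an upstream cannot bounce the fetch to another host."""
    def redirect_request(self, *args, **kwargs):
        return None

OPENER = urllib.request.build_opener(NoRedirect)

def resolve_upstream(path, query=""):
    """Map a same-origin request path to an allowlisted upstream URL, or None."""
    if not path.startswith(PREFIX):
        return None
    name, _, rest = path[len(PREFIX):].partition("/")
    base = UPSTREAMS.get(name)
    if base is None:
        return None
    # Normalise the remainder so "../" or a leading "//" cannot alter the target.
    clean = posixpath.normpath("/" + rest.lstrip("/"))
    url = base + quote(clean) + ("?" + query if query else "")
    # Defence in depth: the final URL must still point at the allowlisted host.
    if urlsplit(url).hostname != urlsplit(base).hostname:
        return None
    return url

def app(environ, start_response):
    url = resolve_upstream(environ.get("PATH_INFO", ""), environ.get("QUERY_STRING", ""))
    if environ.get("REQUEST_METHOD") != "GET" or url is None:
        start_response("403 Forbidden", [("Content-Type", "text/plain")])
        return [b"upstream not allowed\n"]
    try:
        # No client cookies or headers are forwarded to the upstream.
        with OPENER.open(url, timeout=5) as resp:
            body = resp.read(1 << 20)  # cap the relayed body at 1 MiB
            ctype = resp.headers.get("Content-Type", "application/octet-stream")
    except OSError:  # URLError and HTTPError (including refused redirects)
        start_response("502 Bad Gateway", [("Content-Type", "text/plain")])
        return [b"upstream fetch failed\n"]
    start_response("200 OK", [("Content-Type", ctype), ("Content-Length", str(len(body)))])
    return [body]

if __name__ == "__main__":
    make_server("127.0.0.1", 8000, app).serve_forever()
```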

4 Comments

  • you can also use mod_rewrite (or an appropriate url rewriter if you are on IIS) or mod_proxy to redirect your cross-domain calls. Sometimes the src="{remote site}" trick works if you are getting JSON back from your web service.

  • nah, don't care

    i heard you were nobody since phil stopped workin wit you.

    actually, i was tryin to explain to my boss that phil went to koders.com -- double blank stare - i said: y'know, phil who worked with jon galloway -- boss interjected: hey! he wrote that data dictionary app i use!, me: (thinking, derrr, of course, but sez) yeh, //that// jon!

    full o smarties, that West coast of US.

    keep doin what u do jon.

  • @Travis - Thanks! I missed that session, thanks for including the links.

    @lb - Thanks! I was feeling a bit useless this week, what with the lack of sleep due to a newborn and all. You are the wind beneath my wings!

  • I need a link to cross the blocked sides, anyone can help me in this issue..
