locked
Silverlight, Astoria and that pain in the rear Cross-Domain Request problem RRS feed

  • Question

  • The Cross-Domain Request issue is specific to silverlight, not astoria, and ther are a few workarounds.

     

    The basic problem is that silverlight 1.1 alpha can only make BrowserHttpRequests to services in it's own domain, which kind of puts a damper on the whole mash-up party until the next (?) release of silverlight.

     

    It's easy enough to get around  this in design time on your own computer which is how I'm running my own silverlight Astoria app in Visual studio 2008.

     

    For deployed apps, you can build a proxy web service to make a call out to the service that you want. That way silverlight is calling a "local" service. So it's not so bad - *if* you aren't making calls to an Astoria service using the Silverlight Client, that is.

     

    I've seen that this will be fixed after the Silverlight 1.1 alpha (as per Scott Guthrie powerpoint) but does anyone know of a way around it (for deployment) with the current prototype bits of Astoria?

     

    It's mostly  a moot point since the fix is coming in Silverlight and the prototype bits for Astoria will be replaced, but I thought I'd just check anyway.

     

    Thanks

     

    Julie

    Monday, October 15, 2007 12:30 AM

Answers

  • There is a technique using IFrame's being worked on to enable cross domain, which is described here: http://blogs.msdn.com/dthorpe/archive/2007/06/18/secure-cross-domain-communication-the-architecture-journal.aspx .  That said, I've not yet investigated how easily one could leverage this today with the Astoria CTP. 

     

    Another approach which is currrently supported in the CTP is JSONP.  Since this is highly tied to javascript / JSON this likely isnt a great option for SL apps, but I thought I'd call out that support exists.  That said, I'd be curious if people want us to carry JSONP support into the production version of Astoria.

     

    Cross domain access is something we want to enable in a secure way and we are working with various Silverlight teams to ensure the Astoria client library works well with any xdomain solutions defined by Silverlight.  There are a number of proposed mechanisms out there to enable xdomain access (policy files, HTTP header handshakes, etc).  We are very interested in learning about the requirements anyone has for xdomain calls with respect to Astoria such that we can drive towards a generally applicable mechanism.

     

     

    Mike Flasko

    Program Manager, Astoria

    Monday, October 15, 2007 8:07 PM