Shahar Ron

Service friendly architectures

Silverlight and WCF cross site scripting issue

Recently I tried to call a WCF service hosted in a Windows service from Silverlight and got an HTTP 404 (Not Found) error. This is because the WCF service is not in the same domain (= site) as the Silverlight page calling it, so the call was treated as cross-site access and blocked.

 

This happens not only with self-hosted WCF services but also when the WCF service is hosted in IIS in a different site.

The solution is to enable cross-site access for the WCF service. This is done by adding a file named clientaccesspolicy.xml at the root of the site. In this file you specify which sites are allowed cross-site access.

You can find the details of how to do this when the WCF service is hosted in IIS here, and when it is hosted in a Windows service here.

Both posts give a sample XML showing how to grant access to all sites. There is an error in the sample in one of the posts. My guess is that the post was written during the beta and the XML structure changed later. The fix is that you need to add the attribute http-request-headers="*", and then it works.

Anyway, here is how the XML in the file should look:
<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*">
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy> 

In the real world you might want to limit which sites are permitted cross-site access to your domain. For a detailed explanation of how to format this XML to do so, see: http://msdn.microsoft.com/en-us/library/cc197955(VS.95).aspx

Comments

Thiago Pereira (Sao Paulo/Brazil) said:

Shahar Ron,

It worked like a charm!

For all the users who might be facing the same problem, remember to put the clientaccesspolicy.xml in the same WCF folder.

Thanks a lot!

Thiago P.

# May 29, 2009 3:16 AM