Silverlight URL Access Policy
For security reasons, Microsoft Silverlight restricts cross-zone, cross-domain, and cross-scheme URL access, as well as other behaviors that can pose security threats, such as passing cookies and allowing redirections. For example, if you have a Silverlight-based application that is hosted on one Web domain and you try to use the Downloader object to access a file stored on another domain, the request will fail. The table below summarizes these rules.
| | Downloader object | Media, images, ASX | XAML files, Font files | Streaming media |
|---|---|---|---|---|
| Allowed schemes | HTTP, HTTPS | HTTP, HTTPS, FILE | HTTP, HTTPS, FILE | HTTP |
| Cross-scheme access | No | No | No | Not from HTTPS |
| Cross-Web domain access | No | If not HTTPS | No | Yes |
| Cross-zone access (Windows) | No | No | No | No |
| Cross-zone access (Macintosh) | No | Yes | No | Yes |
| Redirection allowed | Same domain (Firefox/Safari only) | Same domain | Same domain | No |
Note: When users get an error that results from one of these access policies being violated, the error may not indicate the exact cause.
Definitions for some of the terms used in the previous table:
- Cross-scheme: Accessing from one scheme (for example, HTTP, HTTPS, and so on) to another.
- Cross-Web domain: Accessing from one Web domain to another (for example, an application that is hosted on www.contoso.com trying to access content on www.fabrikam.com).
- Cross-zone: Accessing between security zones. For example, trying to access an intranet resource from your Internet server.
As an example, if you want to host your application and store your images on different servers, you can check the "Media, images, ASX" column in the previous table to learn the following:
- You cannot store your images on a site that uses the HTTPS scheme if you are hosting your application on an HTTP site.
- You can store your images on another domain as long as the scheme of that domain is not HTTPS.
- You cannot store your images on an intranet server if the application is on the Internet (cross-zone), unless your users are using a Macintosh.
- You can redirect to another image URL as long as the URL is on the same domain.
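Because the error a user sees may not name the violated rule, it can help to check a planned application/resource URL pair against the table before deployment. The following is an added example, not Microsoft code: `POLICY`, `checkAccess`, and the rule labels are hypothetical names. It models only the scheme and Web-domain rows, and it assumes "If not HTTPS" refers to the resource's scheme, "Not from HTTPS" to the application's scheme, and that two URLs share a Web domain when their host names match.

```javascript
// Added example: encodes three rows of the table above (allowed schemes,
// cross-scheme access, cross-Web domain access). The zone and redirection
// rows are not modeled because they cannot be derived from the URLs alone.
const POLICY = {
  downloader: { schemes: ["http", "https"], crossScheme: "no", crossDomain: "no" },
  media: { schemes: ["http", "https", "file"], crossScheme: "no",
           crossDomain: "if-resource-not-https" },
  xaml: { schemes: ["http", "https", "file"], crossScheme: "no", crossDomain: "no" },
  streaming: { schemes: ["http"], crossScheme: "not-from-https", crossDomain: "yes" },
};

// Returns the list of table rows a request would violate (empty = allowed).
// kind: one of the POLICY keys; resourceUrl may be relative to appUrl.
function checkAccess(kind, appUrl, resourceUrl) {
  const rule = POLICY[kind];
  if (!rule) throw new Error("unknown request kind: " + kind);
  const app = new URL(appUrl);
  const res = new URL(resourceUrl, appUrl);
  const appScheme = app.protocol.slice(0, -1); // "http:" -> "http"
  const resScheme = res.protocol.slice(0, -1);
  const violations = [];

  if (!rule.schemes.includes(resScheme)) violations.push("scheme-not-allowed");

  if (appScheme !== resScheme) {
    // Streaming media may cross schemes unless the application is on HTTPS.
    const ok = rule.crossScheme === "not-from-https" && appScheme !== "https";
    if (!ok) violations.push("cross-scheme");
  }

  // Assumption: same Web domain means identical host names (ports ignored).
  if (app.hostname !== res.hostname) {
    const ok = rule.crossDomain === "yes" ||
      (rule.crossDomain === "if-resource-not-https" && resScheme !== "https");
    if (!ok) violations.push("cross-domain");
  }
  return violations;
}

// Constructed sample: the image-hosting scenario from the list above.
console.log(checkAccess("media", "http://www.contoso.com/app.html",
                        "https://www.fabrikam.com/logo.png"));
```

An empty result means only that the scheme and domain rows are satisfied; the zone and redirection rows still have to be checked against the table by hand.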