
How do you build a clientaccesspolicy.xml for this API?


I have a RESTlike API that I want to access from Silverlight. It needs to support the following:

  • All requests are made over SSL
  • Allow GET, POST, PUT, DELETE (or just any)
  • Allow any request headers
  • Allow requests from any host

Pretty much wide open. I'm a little confused by the docs so does anyone have an example of what it might look like?


Solution

  • Something wide-open but only allowing https and not http would look something like this and would need to be named clientaccesspolicy.xml and placed in the web root:

    <?xml version="1.0" encoding="utf-8" ?>
    <access-policy>
      <cross-domain-access>
        <policy>
          <allow-from http-request-headers="*" http-methods="*">
            <domain uri="https://*" />
          </allow-from>
          <grant-to>
            <resource path="/" include-subpaths="true"/>
          </grant-to>
        </policy>
      </cross-domain-access>
    </access-policy>
    

    If you want to allow both http and https access you need to explicitly list both of them under the allow-from node as it is opt-in and a simple * wildcard will not work for SSL.

    Edit: Added http-methods="*" per John's comment to allow methods other than GET and POST.
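
An added example, not part of the original answer: a small Python audit that parses a clientaccesspolicy.xml and reports which callers, methods, headers and paths it opens up, run here on the policy shown above. The function name `audit_policy`, the report fields and the warning wording are assumptions of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the policy from the answer above.
ANSWER_POLICY = """<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from http-request-headers="*" http-methods="*">
        <domain uri="https://*" />
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>"""


def audit_policy(xml_text):
    """Summarise each <policy>: who may call, how, and which paths (hypothetical helper)."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    reports = []
    for policy in root.iter("policy"):
        allow = policy.find("allow-from")
        if allow is None:
            continue
        uris = [d.get("uri", "") for d in allow.findall("domain")]
        # Scheme is read literally from each uri; a bare "*" names no scheme.
        schemes = sorted({u.split("://")[0] if "://" in u else "unspecified" for u in uris})
        any_host = any(u == "*" or u.endswith("://*") for u in uris)
        # Per the answer's edit note, omitting http-methods leaves only GET and POST.
        methods = allow.get("http-methods", "GET,POST")
        headers = allow.get("http-request-headers", "")
        paths = [(r.get("path"), r.get("include-subpaths", "false").lower() == "true")
                 for r in policy.iter("resource")]
        checks = [(any_host and ("/", True) in paths, "any host may call every path"),
                  ("http" in schemes, "plain-http callers allowed"),
                  (methods == "*", "all HTTP methods allowed"),
                  (headers == "*", "all request headers allowed")]
        reports.append({"uris": uris, "schemes": schemes, "methods": methods,
                        "headers": headers, "paths": paths,
                        "warnings": [msg for cond, msg in checks if cond]})
    return reports


if __name__ == "__main__":
    for report in audit_policy(ANSWER_POLICY):
        print(report)
```

Running it against a deployed policy file before release makes it easy to see whether the grant is wider than the API actually needs, for example a whole-site grant where only one path is called cross-domain.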