// only "domain", "secure" and "headers" attributes are allowed - anything else is considered invalid
static AllowHttpRequestHeadersFrom CreateAllowHttpRequestHeadersFrom(XmlReader reader)
{
int n = reader.AttributeCount;
string domain = reader.GetAttribute("domain");
if (domain != null)
{
n--;
}
string secure = reader.GetAttribute("secure");
if (secure != null)
{
n--;
}
string headers = reader.GetAttribute("headers");
if (headers != null)
{
n--;
}
if (n != 0)
{
throw new XmlException("unknown/unsupported attributes");
}
var h = new AllowHttpRequestHeadersFrom()
{
Domain = domain, Secure = ReadBooleanAttribute(secure)
};
h.Headers.SetHeaders(headers);
return(h);
}
static public ICrossDomainPolicy FromStream (Stream stream)
{
FlashCrossDomainPolicy cdp = new FlashCrossDomainPolicy ();
// Silverlight accepts whitespaces before the XML - which is invalid XML
StreamReader sr = new StreamReader (stream);
while (Char.IsWhiteSpace ((char) sr.Peek ()))
sr.Read ();
XmlReaderSettings policy_settings = new XmlReaderSettings ();
policy_settings.DtdProcessing = DtdProcessing.Ignore;
using (XmlReader reader = XmlReader.Create (sr, policy_settings)) {
reader.MoveToContent ();
if (reader.HasAttributes || reader.IsEmptyElement) {
reader.Skip ();
return null;
}
while (!reader.EOF) {
reader.ReadStartElement ("cross-domain-policy", String.Empty);
for (reader.MoveToContent (); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent ()) {
if (reader.NodeType != XmlNodeType.Element) {
reader.Skip ();
continue;
}
switch (reader.LocalName) {
case "site-control":
cdp.SiteControl = GetSiteControl (reader);
reader.Skip ();
break;
case "allow-access-from":
var a = CreateAllowAccessFrom (reader);
cdp.AllowedAccesses.Add (a);
reader.Skip ();
break;
case "allow-http-request-headers-from":
var h = CreateAllowHttpRequestHeadersFrom (reader);
cdp.AllowedHttpRequestHeaders.Add (h);
reader.Skip ();
break;
default:
reader.Skip ();
return null;
}
}
reader.ReadEndElement ();
reader.MoveToContent ();
}
}
// if none supplied set a default for headers
if (cdp.AllowedHttpRequestHeaders.Count == 0) {
var h = new AllowHttpRequestHeadersFrom () { Domain = "*", Secure = true };
h.Headers.SetHeaders (null); // defaults
cdp.AllowedHttpRequestHeaders.Add (h);
}
return cdp;
}
// only "domain", "secure" and "headers" attributes are allowed - anything else is considered invalid
static AllowHttpRequestHeadersFrom CreateAllowHttpRequestHeadersFrom (XmlReader reader)
{
int n = reader.AttributeCount;
string domain = reader.GetAttribute ("domain");
if (domain != null)
n--;
string secure = reader.GetAttribute ("secure");
if (secure != null)
n--;
string headers = reader.GetAttribute ("headers");
if (headers != null)
n--;
if (n != 0)
throw new XmlException ("unknown/unsupported attributes");
var h = new AllowHttpRequestHeadersFrom () { Domain = domain, Secure = ReadBooleanAttribute (secure) };
h.Headers.SetHeaders (headers);
return h;
}
static public ICrossDomainPolicy FromStream(Stream stream)
{
FlashCrossDomainPolicy cdp = new FlashCrossDomainPolicy();
// Silverlight accepts whitespaces before the XML - which is invalid XML
StreamReader sr = new StreamReader(stream);
while (Char.IsWhiteSpace((char)sr.Peek()))
{
sr.Read();
}
XmlReaderSettings policy_settings = new XmlReaderSettings();
policy_settings.DtdProcessing = DtdProcessing.Ignore;
using (XmlReader reader = XmlReader.Create(sr, policy_settings)) {
reader.MoveToContent();
if (reader.HasAttributes || reader.IsEmptyElement)
{
reader.Skip();
return(null);
}
while (!reader.EOF)
{
reader.ReadStartElement("cross-domain-policy", String.Empty);
for (reader.MoveToContent(); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent())
{
if (reader.NodeType != XmlNodeType.Element)
{
throw new XmlException(String.Format("Unexpected cross-domain-policy content: {0}", reader.NodeType));
}
switch (reader.LocalName)
{
case "site-control":
cdp.SiteControl = GetSiteControl(reader);
reader.Skip();
break;
case "allow-access-from":
var a = CreateAllowAccessFrom(reader);
cdp.AllowedAccesses.Add(a);
reader.Skip();
break;
case "allow-http-request-headers-from":
var h = CreateAllowHttpRequestHeadersFrom(reader);
cdp.AllowedHttpRequestHeaders.Add(h);
reader.Skip();
break;
default:
reader.Skip();
return(null);
}
}
reader.ReadEndElement();
reader.MoveToContent();
}
}
// if none supplied set a default for headers
if (cdp.AllowedHttpRequestHeaders.Count == 0)
{
var h = new AllowHttpRequestHeadersFrom()
{
Domain = "*", Secure = true
};
h.Headers.SetHeaders(null); // defaults
cdp.AllowedHttpRequestHeaders.Add(h);
}
return(cdp);
}
