public static ICrossDomainPolicy BuildFlashPolicy(HttpWebResponse response)
{
ICrossDomainPolicy policy = null;
if ((response.StatusCode == HttpStatusCode.OK) && CheckContentType(response.ContentType))
{
try {
policy = FlashCrossDomainPolicy.FromStream(response.GetResponseStream());
} catch (Exception ex) {
Console.WriteLine(String.Format("CrossDomainAccessManager caught an exception while reading {0}: {1}",
response.ResponseUri, ex));
// and ignore.
}
if (policy != null)
{
// see DRT# 864 and 865
string site_control = response.InternalHeaders ["X-Permitted-Cross-Domain-Policies"];
if (!String.IsNullOrEmpty(site_control))
{
(policy as FlashCrossDomainPolicy).SiteControl = site_control;
}
}
}
// the flash policy was the last chance, keep a NoAccess into the cache
if (policy == null)
{
policy = no_access_policy;
}
AddPolicy(response.ResponseUri, policy);
return(policy);
}
static public ICrossDomainPolicy FromStream (Stream stream)
{
FlashCrossDomainPolicy cdp = new FlashCrossDomainPolicy ();
// Silverlight accepts whitespaces before the XML - which is invalid XML
StreamReader sr = new StreamReader (stream);
while (Char.IsWhiteSpace ((char) sr.Peek ()))
sr.Read ();
XmlReaderSettings policy_settings = new XmlReaderSettings ();
policy_settings.DtdProcessing = DtdProcessing.Ignore;
using (XmlReader reader = XmlReader.Create (sr, policy_settings)) {
reader.MoveToContent ();
if (reader.HasAttributes || reader.IsEmptyElement) {
reader.Skip ();
return null;
}
while (!reader.EOF) {
reader.ReadStartElement ("cross-domain-policy", String.Empty);
for (reader.MoveToContent (); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent ()) {
if (reader.NodeType != XmlNodeType.Element) {
reader.Skip ();
continue;
}
switch (reader.LocalName) {
case "site-control":
cdp.SiteControl = GetSiteControl (reader);
reader.Skip ();
break;
case "allow-access-from":
var a = CreateAllowAccessFrom (reader);
cdp.AllowedAccesses.Add (a);
reader.Skip ();
break;
case "allow-http-request-headers-from":
var h = CreateAllowHttpRequestHeadersFrom (reader);
cdp.AllowedHttpRequestHeaders.Add (h);
reader.Skip ();
break;
default:
reader.Skip ();
return null;
}
}
reader.ReadEndElement ();
reader.MoveToContent ();
}
}
// if none supplied set a default for headers
if (cdp.AllowedHttpRequestHeaders.Count == 0) {
var h = new AllowHttpRequestHeadersFrom () { Domain = "*", Secure = true };
h.Headers.SetHeaders (null); // defaults
cdp.AllowedHttpRequestHeaders.Add (h);
}
return cdp;
}
static public ICrossDomainPolicy FromStream(Stream stream)
{
FlashCrossDomainPolicy cdp = new FlashCrossDomainPolicy();
// Silverlight accepts whitespaces before the XML - which is invalid XML
StreamReader sr = new StreamReader(stream);
while (Char.IsWhiteSpace((char)sr.Peek()))
{
sr.Read();
}
XmlReaderSettings policy_settings = new XmlReaderSettings();
policy_settings.DtdProcessing = DtdProcessing.Ignore;
using (XmlReader reader = XmlReader.Create(sr, policy_settings)) {
reader.MoveToContent();
if (reader.HasAttributes || reader.IsEmptyElement)
{
reader.Skip();
return(null);
}
while (!reader.EOF)
{
reader.ReadStartElement("cross-domain-policy", String.Empty);
for (reader.MoveToContent(); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent())
{
if (reader.NodeType != XmlNodeType.Element)
{
throw new XmlException(String.Format("Unexpected cross-domain-policy content: {0}", reader.NodeType));
}
switch (reader.LocalName)
{
case "site-control":
cdp.SiteControl = GetSiteControl(reader);
reader.Skip();
break;
case "allow-access-from":
var a = CreateAllowAccessFrom(reader);
cdp.AllowedAccesses.Add(a);
reader.Skip();
break;
case "allow-http-request-headers-from":
var h = CreateAllowHttpRequestHeadersFrom(reader);
cdp.AllowedHttpRequestHeaders.Add(h);
reader.Skip();
break;
default:
reader.Skip();
return(null);
}
}
reader.ReadEndElement();
reader.MoveToContent();
}
}
// if none supplied set a default for headers
if (cdp.AllowedHttpRequestHeaders.Count == 0)
{
var h = new AllowHttpRequestHeadersFrom()
{
Domain = "*", Secure = true
};
h.Headers.SetHeaders(null); // defaults
cdp.AllowedHttpRequestHeaders.Add(h);
}
return(cdp);
}
