Пример #1
        // note: tests show that it only applies to Silverlight policy (seems to work with Flash)
        // and only if we're not granting full access (i.e. '/' with all subpaths)
        // https://connect.microsoft.com/VisualStudio/feedback/ViewFeedback.aspx?FeedbackID=466043
        private bool CheckOriginalPath(Uri uri)
        {
            // Path Restriction for cross-domain requests
            // http://msdn.microsoft.com/en-us/library/cc838250(VS.95).aspx
            // The scan runs on the string exactly as the caller supplied it (OriginalString),
            // so '%' escapes and dot segments are seen as written.
            string candidate = uri.OriginalString;

            // Only the query part is cut off. Everything before the '?' is scanned, scheme and
            // authority included, so the check is never more permissive than a path-only scan.
            // NOTE(review): a '#' fragment is not stripped either - confirm that is intended.
            int queryStart = candidate.IndexOf('?');
            if (queryStart >= 0)
            {
                candidate = candidate.Substring(0, queryStart);
            }

            bool restricted = candidate.Contains('%') || candidate.Contains("./") || candidate.Contains("..");
            if (!restricted)
            {
                return(true);
            }

            // Restricted characters are accepted only when the policy is the single
            // "everything" grant: one policy, one grant-to, one resource, path "/" with subpaths.
            // Any other shape fails closed.
            if (AccessPolicyList.Count == 1)
            {
                AccessPolicy onlyPolicy = AccessPolicyList [0];
                if (onlyPolicy.GrantedResources.Count == 1)
                {
                    GrantTo onlyGrant = onlyPolicy.GrantedResources [0];
                    if (onlyGrant.Resources.Count == 1)
                    {
                        Resource onlyResource = onlyGrant.Resources [0];
                        return(onlyResource.IncludeSubpaths && (onlyResource.Path == "/"));
                    }
                }
            }
            return(false);
        }
        static void ReadGrantToElement(XmlReader reader, AccessPolicy policy)
        {
            var  grant       = new GrantTo();
            bool allAccepted = true;

            // a <grant-to> that carries attributes, or that is empty, is skipped as a whole
            if (reader.HasAttributes || reader.IsEmptyElement)
            {
                reader.Skip();
                return;
            }

            reader.ReadStartElement("grant-to", String.Empty);
            reader.MoveToContent();
            while (reader.NodeType != XmlNodeType.EndElement)
            {
                // MoveToContent() already steps over whitespace, comments and processing
                // instructions, so any other non-element node here is rejected outright
                if (reader.NodeType != XmlNodeType.Element)
                {
                    throw new XmlException(String.Format("Unexpected grant-to content: {0}", reader.NodeType));
                }

                // elements from a foreign namespace are skipped without invalidating the grant
                if (String.IsNullOrEmpty(reader.NamespaceURI))
                {
                    string childName = reader.LocalName;
                    if (childName == "resource")
                    {
                        var resource = CreateResource(reader);
                        if (resource != null)
                        {
                            grant.Resources.Add(resource);
                        }
                        else
                        {
                            allAccepted = false;
                        }
                    }
                    else if (childName == "socket-resource")
                    {
                        // ignore everything that is not TCP
                        if (reader.GetAttribute("protocol") == "tcp")
                        {
                            // we can merge them all together inside a policy
                            // NOTE(review): the mask is merged right away, so it is kept even if a
                            // sibling element later marks this grant-to invalid - confirm intended.
                            // GetAttribute() returns null when "port" is absent; presumably
                            // ParsePorts copes with that - verify.
                            policy.PortMask |= ParsePorts(reader.GetAttribute("port"));
                        }
                    }
                    else
                    {
                        // an unknown child in the default namespace rejects the whole grant-to
                        allAccepted = false;
                    }
                }

                reader.Skip();
                reader.MoveToContent();
            }

            // fail closed: the grant is recorded only when every child was accepted
            if (allAccepted)
            {
                policy.GrantedResources.Add(grant);
            }
            reader.ReadEndElement();
        }
Пример #3
		static void ReadGrantToElement (XmlReader reader, AccessPolicy policy)
		{
			var grant = new GrantTo ();
			bool usable = true;

			// a <grant-to> with attributes, or with no content, is skipped entirely
			if (reader.HasAttributes || reader.IsEmptyElement) {
				reader.Skip ();
				return;
			}

			reader.ReadStartElement ("grant-to", String.Empty);
			for (reader.MoveToContent (); reader.NodeType != XmlNodeType.EndElement; reader.MoveToContent ()) {
				// nodes flagged by IsNonElement and elements from a foreign namespace
				// are stepped over without affecting the validity of the grant
				bool ignorable = IsNonElement (reader) || !String.IsNullOrEmpty (reader.NamespaceURI);
				if (!ignorable) {
					string childName = reader.LocalName;
					if (childName == "resource") {
						var resource = CreateResource (reader);
						if (resource != null)
							grant.Resources.Add (resource);
						else
							usable = false;
					} else if (childName == "socket-resource") {
						// ignore everything that is not TCP
						if (reader.GetAttribute ("protocol") == "tcp") {
							// we can merge them all together inside a policy
							// NOTE(review): the port mask is merged immediately and is not rolled
							// back when this grant-to ends up invalid - confirm that is intended.
							// A missing "port" attribute reaches ParsePorts as null - verify it copes.
							policy.PortMask |= ParsePorts (reader.GetAttribute ("port"));
						}
					} else {
						// any other child in the default namespace invalidates the grant-to
						usable = false;
					}
				}
				reader.Skip ();
			}

			// fail closed: keep the grant only if no child was rejected
			if (usable)
				policy.GrantedResources.Add (grant);
			reader.ReadEndElement ();
		}