public static ICrossDomainPolicy BuildSilverlightPolicy(HttpWebResponse response) { // return null if no Silverlight policy was found, since we offer a second chance with a flash policy if ((response.StatusCode != HttpStatusCode.OK) || !CheckContentType(response.ContentType)) { return(null); } ICrossDomainPolicy policy = null; try { policy = ClientAccessPolicy.FromStream(response.GetResponseStream()); if (policy != null) { AddPolicy(response.ResponseUri, policy); } } catch (Exception ex) { Console.WriteLine(String.Format("CrossDomainAccessManager caught an exception while reading {0}: {1}", response.ResponseUri, ex)); // and ignore. } return(policy); }
public static ICrossDomainPolicy BuildFlashPolicy(HttpWebResponse response) { ICrossDomainPolicy policy = null; if ((response.StatusCode == HttpStatusCode.OK) && CheckContentType(response.ContentType)) { try { policy = FlashCrossDomainPolicy.FromStream(response.GetResponseStream()); } catch (Exception ex) { Console.WriteLine(String.Format("CrossDomainAccessManager caught an exception while reading {0}: {1}", response.ResponseUri, ex)); // and ignore. } if (policy != null) { // see DRT# 864 and 865 string site_control = response.InternalHeaders ["X-Permitted-Cross-Domain-Policies"]; if (!String.IsNullOrEmpty(site_control)) { (policy as FlashCrossDomainPolicy).SiteControl = site_control; } } } // the flash policy was the last chance, keep a NoAccess into the cache if (policy == null) { policy = no_access_policy; } AddPolicy(response.ResponseUri, policy); return(policy); }
private void FlashPolicyCallback(IAsyncResult result) { WebRequest wreq = (result.AsyncState as WebRequest); BrowserHttpWebResponse wres = (BrowserHttpWebResponse)wreq.EndGetResponse(result); // we either got a Flash policy or (if none/bad) a NoAccessPolicy, either way we continue... policy = CrossDomainPolicyManager.BuildFlashPolicy(wres); GetResponse(this.Method, uri, true); }
private IAsyncResult GetResponse(string method, Uri uri, bool sendHeaders) { if ((uri.Scheme != "http") && (uri.Scheme != "https")) { async_result.Exception = new SecurityException("Bad scheme"); async_result.SetComplete(); return(async_result); } // this is a same site (site of origin, SOO) request; or // we either already know the policy (previously downloaded); or // we try to download the policy if (!IsDownloadingPolicy()) { policy = CrossDomainPolicyManager.GetCachedWebPolicy(uri); if (policy == null) { // we'll download the policy *then* proceed to the requested URI policy = CrossDomainPolicyManager.PolicyDownloadPolicy; Uri silverlight_policy_uri = CrossDomainPolicyManager.GetSilverlightPolicyUri(uri); BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal(null, silverlight_policy_uri); return(preq.BeginGetResponse(new AsyncCallback(SilverlightPolicyCallback), preq)); } } // Console.WriteLine ("{0} '{1}' using policy: {2}", method, uri, policy); HttpWebRequest wreq = GetHttpWebRequest(uri); wreq.Method = method; // store exception, to throw later, if we have no policy or are not allowed by the policy #if !ANDROID_HACK if ((policy == null) || !policy.IsAllowed(wreq)) { if ((policy == null) || (policy.Exception == null)) { async_result.Exception = new SecurityException(); } else { async_result.Exception = policy.Exception; } async_result.SetComplete(); return(async_result); } #endif if (!sendHeaders) { wreq.Headers.Clear(); } wreq.progress = progress; return(wreq.BeginGetResponse(new AsyncCallback(EndCallback), wreq)); }
public static ICrossDomainPolicy GetCachedWebPolicy(Uri uri) { // if we request an Uri from the same site then we return an "always positive" policy if (SiteOfOriginPolicy.HasSameOrigin(uri, BaseDomainPolicy.ApplicationUri)) { return(site_of_origin_policy); } // otherwise we search for an already downloaded policy for the web site string root = GetRoot(uri); ICrossDomainPolicy policy = null; policies.TryGetValue(root, out policy); // and we return it (if we have it) or null (if we dont) return(policy); }
private void SilverlightPolicyCallback(IAsyncResult result) { WebRequest wreq = (result.AsyncState as WebRequest); BrowserHttpWebResponse wres = (BrowserHttpWebResponse)wreq.EndGetResponse(result); policy = CrossDomainPolicyManager.BuildSilverlightPolicy(wres); if (policy != null) { // we got our policy so we can proceed with the main request GetResponse(this.Method, uri, true); } else { // no policy but we get a second chance to try a Flash policy Uri flash_policy_uri = CrossDomainPolicyManager.GetFlashPolicyUri(wres.ResponseUri); BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal(null, flash_policy_uri); preq.BeginGetResponse(new AsyncCallback(FlashPolicyCallback), preq); } }
private static void AddPolicy (Uri responseUri, ICrossDomainPolicy policy) { string root = GetRoot (responseUri); policies [root] = policy; }
private static void AddPolicy(Uri responseUri, ICrossDomainPolicy policy) { string root = GetRoot(responseUri); policies [root] = policy; }
private void FlashPolicyCallback (IAsyncResult result) { WebRequest wreq = (result.AsyncState as WebRequest); BrowserHttpWebResponse wres = (BrowserHttpWebResponse) wreq.EndGetResponse (result); // we either got a Flash policy or (if none/bad) a NoAccessPolicy, either way we continue... policy = CrossDomainPolicyManager.BuildFlashPolicy (wres); GetResponse (this.Method, uri, true); }
private void SilverlightPolicyCallback (IAsyncResult result) { WebRequest wreq = (result.AsyncState as WebRequest); BrowserHttpWebResponse wres = (BrowserHttpWebResponse) wreq.EndGetResponse (result); policy = CrossDomainPolicyManager.BuildSilverlightPolicy (wres); if (policy != null) { // we got our policy so we can proceed with the main request GetResponse (this.Method, uri, true); } else { // no policy but we get a second chance to try a Flash policy Uri flash_policy_uri = CrossDomainPolicyManager.GetFlashPolicyUri (wres.ResponseUri); BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal (null, flash_policy_uri); preq.BeginGetResponse (new AsyncCallback (FlashPolicyCallback), preq); } }
private IAsyncResult GetResponse (string method, Uri uri, bool sendHeaders) { if ((uri.Scheme != "http") && (uri.Scheme != "https")) { async_result.Exception = new SecurityException ("Bad scheme"); async_result.SetComplete (); return async_result; } // this is a same site (site of origin, SOO) request; or // we either already know the policy (previously downloaded); or // we try to download the policy if (!IsDownloadingPolicy ()) { policy = CrossDomainPolicyManager.GetCachedWebPolicy (uri); if (policy == null) { // we'll download the policy *then* proceed to the requested URI policy = CrossDomainPolicyManager.PolicyDownloadPolicy; Uri silverlight_policy_uri = CrossDomainPolicyManager.GetSilverlightPolicyUri (uri); BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal (null, silverlight_policy_uri); return preq.BeginGetResponse (new AsyncCallback (SilverlightPolicyCallback), preq); } } // Console.WriteLine ("{0} '{1}' using policy: {2}", method, uri, policy); HttpWebRequest wreq = GetHttpWebRequest (uri); wreq.Method = method; // store exception, to throw later, if we have no policy or are not allowed by the policy if ((policy == null) || !policy.IsAllowed (wreq)) { if ((policy == null) || (policy.Exception == null)) async_result.Exception = new SecurityException (); else async_result.Exception = policy.Exception; async_result.SetComplete (); return async_result; } // new in SL4 - unlike others it can be set (earlier) and is not checked later (CheckProtocolViolation) // but still throws a SecurityException here if (Headers.ContainsKey ("Proxy-Authorization")) throw new SecurityException (); if (!sendHeaders) wreq.Headers.Clear (); wreq.progress = progress; return wreq.BeginGetResponse (new AsyncCallback (EndCallback), wreq); }