public static ICrossDomainPolicy BuildSilverlightPolicy(HttpWebResponse response)
{
// return null if no Silverlight policy was found, since we offer a second chance with a flash policy
if ((response.StatusCode != HttpStatusCode.OK) || !CheckContentType(response.ContentType))
{
return(null);
}
ICrossDomainPolicy policy = null;
try
{
policy = ClientAccessPolicy.FromStream(response.GetResponseStream());
if (policy != null)
{
AddPolicy(response.ResponseUri, policy);
}
}
catch (Exception ex)
{
Console.WriteLine(String.Format("CrossDomainAccessManager caught an exception while reading {0}: {1}",
response.ResponseUri, ex));
// and ignore.
}
return(policy);
}
public static ICrossDomainPolicy BuildFlashPolicy(HttpWebResponse response)
{
ICrossDomainPolicy policy = null;
if ((response.StatusCode == HttpStatusCode.OK) && CheckContentType(response.ContentType))
{
try {
policy = FlashCrossDomainPolicy.FromStream(response.GetResponseStream());
} catch (Exception ex) {
Console.WriteLine(String.Format("CrossDomainAccessManager caught an exception while reading {0}: {1}",
response.ResponseUri, ex));
// and ignore.
}
if (policy != null)
{
// see DRT# 864 and 865
string site_control = response.InternalHeaders ["X-Permitted-Cross-Domain-Policies"];
if (!String.IsNullOrEmpty(site_control))
{
(policy as FlashCrossDomainPolicy).SiteControl = site_control;
}
}
}
// the flash policy was the last chance, keep a NoAccess into the cache
if (policy == null)
{
policy = no_access_policy;
}
AddPolicy(response.ResponseUri, policy);
return(policy);
}
private void FlashPolicyCallback(IAsyncResult result)
{
WebRequest wreq = (result.AsyncState as WebRequest);
BrowserHttpWebResponse wres = (BrowserHttpWebResponse)wreq.EndGetResponse(result);
// we either got a Flash policy or (if none/bad) a NoAccessPolicy, either way we continue...
policy = CrossDomainPolicyManager.BuildFlashPolicy(wres);
GetResponse(this.Method, uri, true);
}
private IAsyncResult GetResponse(string method, Uri uri, bool sendHeaders)
{
if ((uri.Scheme != "http") && (uri.Scheme != "https"))
{
async_result.Exception = new SecurityException("Bad scheme");
async_result.SetComplete();
return(async_result);
}
// this is a same site (site of origin, SOO) request; or
// we either already know the policy (previously downloaded); or
// we try to download the policy
if (!IsDownloadingPolicy())
{
policy = CrossDomainPolicyManager.GetCachedWebPolicy(uri);
if (policy == null)
{
// we'll download the policy *then* proceed to the requested URI
policy = CrossDomainPolicyManager.PolicyDownloadPolicy;
Uri silverlight_policy_uri = CrossDomainPolicyManager.GetSilverlightPolicyUri(uri);
BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal(null, silverlight_policy_uri);
return(preq.BeginGetResponse(new AsyncCallback(SilverlightPolicyCallback), preq));
}
}
// Console.WriteLine ("{0} '{1}' using policy: {2}", method, uri, policy);
HttpWebRequest wreq = GetHttpWebRequest(uri);
wreq.Method = method;
// store exception, to throw later, if we have no policy or are not allowed by the policy
#if !ANDROID_HACK
if ((policy == null) || !policy.IsAllowed(wreq))
{
if ((policy == null) || (policy.Exception == null))
{
async_result.Exception = new SecurityException();
}
else
{
async_result.Exception = policy.Exception;
}
async_result.SetComplete();
return(async_result);
}
#endif
if (!sendHeaders)
{
wreq.Headers.Clear();
}
wreq.progress = progress;
return(wreq.BeginGetResponse(new AsyncCallback(EndCallback), wreq));
}
public static ICrossDomainPolicy GetCachedWebPolicy(Uri uri)
{
// if we request an Uri from the same site then we return an "always positive" policy
if (SiteOfOriginPolicy.HasSameOrigin(uri, BaseDomainPolicy.ApplicationUri))
{
return(site_of_origin_policy);
}
// otherwise we search for an already downloaded policy for the web site
string root = GetRoot(uri);
ICrossDomainPolicy policy = null;
policies.TryGetValue(root, out policy);
// and we return it (if we have it) or null (if we dont)
return(policy);
}
private void SilverlightPolicyCallback(IAsyncResult result)
{
WebRequest wreq = (result.AsyncState as WebRequest);
BrowserHttpWebResponse wres = (BrowserHttpWebResponse)wreq.EndGetResponse(result);
policy = CrossDomainPolicyManager.BuildSilverlightPolicy(wres);
if (policy != null)
{
// we got our policy so we can proceed with the main request
GetResponse(this.Method, uri, true);
}
else
{
// no policy but we get a second chance to try a Flash policy
Uri flash_policy_uri = CrossDomainPolicyManager.GetFlashPolicyUri(wres.ResponseUri);
BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal(null, flash_policy_uri);
preq.BeginGetResponse(new AsyncCallback(FlashPolicyCallback), preq);
}
}
private static void AddPolicy (Uri responseUri, ICrossDomainPolicy policy)
{
string root = GetRoot (responseUri);
policies [root] = policy;
}
private static void AddPolicy(Uri responseUri, ICrossDomainPolicy policy)
{
string root = GetRoot(responseUri);
policies [root] = policy;
}
private void FlashPolicyCallback (IAsyncResult result)
{
WebRequest wreq = (result.AsyncState as WebRequest);
BrowserHttpWebResponse wres = (BrowserHttpWebResponse) wreq.EndGetResponse (result);
// we either got a Flash policy or (if none/bad) a NoAccessPolicy, either way we continue...
policy = CrossDomainPolicyManager.BuildFlashPolicy (wres);
GetResponse (this.Method, uri, true);
}
private void SilverlightPolicyCallback (IAsyncResult result)
{
WebRequest wreq = (result.AsyncState as WebRequest);
BrowserHttpWebResponse wres = (BrowserHttpWebResponse) wreq.EndGetResponse (result);
policy = CrossDomainPolicyManager.BuildSilverlightPolicy (wres);
if (policy != null) {
// we got our policy so we can proceed with the main request
GetResponse (this.Method, uri, true);
} else {
// no policy but we get a second chance to try a Flash policy
Uri flash_policy_uri = CrossDomainPolicyManager.GetFlashPolicyUri (wres.ResponseUri);
BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal (null, flash_policy_uri);
preq.BeginGetResponse (new AsyncCallback (FlashPolicyCallback), preq);
}
}
private IAsyncResult GetResponse (string method, Uri uri, bool sendHeaders)
{
if ((uri.Scheme != "http") && (uri.Scheme != "https")) {
async_result.Exception = new SecurityException ("Bad scheme");
async_result.SetComplete ();
return async_result;
}
// this is a same site (site of origin, SOO) request; or
// we either already know the policy (previously downloaded); or
// we try to download the policy
if (!IsDownloadingPolicy ()) {
policy = CrossDomainPolicyManager.GetCachedWebPolicy (uri);
if (policy == null) {
// we'll download the policy *then* proceed to the requested URI
policy = CrossDomainPolicyManager.PolicyDownloadPolicy;
Uri silverlight_policy_uri = CrossDomainPolicyManager.GetSilverlightPolicyUri (uri);
BrowserHttpWebRequestInternal preq = new BrowserHttpWebRequestInternal (null, silverlight_policy_uri);
return preq.BeginGetResponse (new AsyncCallback (SilverlightPolicyCallback), preq);
}
}
// Console.WriteLine ("{0} '{1}' using policy: {2}", method, uri, policy);
HttpWebRequest wreq = GetHttpWebRequest (uri);
wreq.Method = method;
// store exception, to throw later, if we have no policy or are not allowed by the policy
if ((policy == null) || !policy.IsAllowed (wreq)) {
if ((policy == null) || (policy.Exception == null))
async_result.Exception = new SecurityException ();
else
async_result.Exception = policy.Exception;
async_result.SetComplete ();
return async_result;
}
// new in SL4 - unlike others it can be set (earlier) and is not checked later (CheckProtocolViolation)
// but still throws a SecurityException here
if (Headers.ContainsKey ("Proxy-Authorization"))
throw new SecurityException ();
if (!sendHeaders)
wreq.Headers.Clear ();
wreq.progress = progress;
return wreq.BeginGetResponse (new AsyncCallback (EndCallback), wreq);
}
