All I wanted was a nifty Silverlight demo of my company’s new .NET package rating API for the commercial print industry. The main goal of the demo was to provide sample code that developers could look at to understand how easy it is to use. To keep the sample code simple, I wanted the Silverlight application to call the API directly. Should have been easy, right? Well, it wasn’t mainly because the API does an HTTP post to a site in a different domain and Silverlight just doesn’t allow that.
I’m not going to regurgitate the various ways you can get around this limitation. Just google search on “cross domain post silverlight” if you want technical details. I settled on a proxy approach, which I implemented grumbling all the way.
Grumbling because it only has to be this annoying because hackers have developed a number of malicious ways to use cross-domain posts to do nasty things. Again, I’ll spare you the details but you can follow the link if you really want them. Suffice it to say that because some people find it amusing, profitable or fulfilling to lie, cheat and steal, you have to jump through hoops to post something to an outside domain from Silverlight. It’s really the same reason I have to waste $20 per month on alarm monitoring for my home. If a very few people did not suck, we would not have to lock our doors, we would not have to install annoying virus checking software on our computers and we could do cross-domain posts from Silverlight without requiring the domain we are calling to have some magic file that we require.