为什么Silverlight不允许从HTTP下载的客户端进行HTTPS访问（交叉方案） [英] Why does Silverlight not allow HTTPS access from a HTTP downloaded client (cross - scheme )

问题描述

Silverlight不允许交叉方案访问，即。如果从HTTP下载了silverlight XAP，那么它只能访问基于HTTP的内容，反之亦然，如此处所述 

Silverlight does not allow cross scheme access i.e. if the silverlight XAP is downloaded from HTTP then it can only access HTTP based content and vice versa as explained here 

   http://msdn2.microsoft.com/ en-us / library / cc189008（VS.95）.aspx  

   http://msdn2.microsoft.com/en-us/library/cc189008(VS.95).aspx 

我仍然无法理解的是这样的访问权限可能会造成安全威胁或设计考虑因素背后的原因。

What I still haven't been able to understand is how such an access can pose a security threat or what the design consideration is behind this.

我需要从我的应用程序调用基于HTTPS和HTTP的服务，因为这些服务并非都在我的控制之下，我有点卡住了。我非常热衷于理解"为什么"设计背后。

I have a need to call both HTTPS and HTTP based services from my applicaiton and since these services are not all under my control, I'am kinda stuck. I am very keen on understanding the "why" behind the design.

推荐答案

对此感兴趣，因为可能每个人都认为SL是"严重"的。 LOB申请的候选人。

Interested in this too as it is probably everyone considering SL as a "serious" candidate for LOB applications.

我怀疑我们会得到任何合理的解释:(它只是商业应用的极简主义支持的一部分:(和原始的安全方法:(

I doubt we'd get any rational explanation :( it just part of the minimalist support for business applications :( and primitive approach to security :(

 

这篇关于为什么Silverlight不允许从HTTP下载的客户端进行HTTPS访问（交叉方案）的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！