Crossdomain Silverlight Hosting

At work, I had a need for a line of business monitoring application to figure out server health. Due to the nature of the monitoring, it made sense to write this as a MySpace Developer Platform application, hosted in the browser. The display needs required a Rich Internet Application interface, meaning Flash, Silverlight, or heavy AJAX. I chose Silverlight, just because. Now, MySpace doesn’t allow one to publish a Silverlight application, but that didn’t stop me from writing an app for my own personal consumption. Given the nature of the application, I needed to host the Silverlight XAP file on a server separated from the JavaScript and web page that displayed the application. Silverlight doesn’t like having JavaScript call into it unless the application manifest says that it is OK. It took me several hours to figure out the nature of why my scriptable objects, which worked fine in my test environment, failed in production. Living on two servers busted things. If you host the Silverlight XAP file on a domain that is separate from your web page, you need to declare the following in the Silverlight application’s manifest:

<Deployment xmlns=""






ExternalCallersFromCrossDomain supports two values: NoAccess and ScriptableOnly. It is secure by default, setting NoAccess. Since I needed JavaScript from a different domain (a different web site) to access the scriptable members of the, I had to set this to ScriptableOnly.

FWIW, this bug followed the Seely Bug Fix Complexity Rule: the longer you spend troubleshooting a bug, the smaller the fix will be. Time spent troubleshooting: 4 hours. The bolded item above shows the fix.

%d bloggers like this: