ClientAccessPolicy.xml

The ClientAccessPolicy.xml is used by web clients to determine if cross domain access is allowed or not.

MSDN about ClientAccessPolicy.xml and Silverlight

The default ClientAccessPolicy.xml configuration of the TwinCAT ADS WCF.
The default configuration should not be used in production environments.

<?xml version="1.0" encoding="utf-8"?>
    <access-policy>
    <cross-domain-access>
        <policy>
        <allow-from http-request-headers="*">
            <domain uri="http://*"/>
            <domain uri="https://*"/>
        </allow-from>
        <grant-to>
            <resource path="/" include-subpaths="true"/>
            <socket-resource port="4502-4534" protocol="tcp"/>
        </grant-to>
        </policy>
    </cross-domain-access>
    </access-policy>