Hello, Our cross domain policy file is intentionally setup to exclude any and all 3rd party websites. This is a permanent decision. The only way to work around this is to setup a server-side proxy.
Thanks, -Chad On Mon, Aug 31, 2009 at 2:35 PM, torontocitylife<patr...@torontocitylife.com> wrote: > > Does anyone know what's going on with Twitter's crossdomain policy > file? I read -- over a year and a half ago -- that they were > temporarily blocking broad access because of security holes. The > crossdomain file still reads: > > <?xml version="1.0" encoding="UTF-8"?> > <cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema- > instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/ > schemas/PolicyFile.xsd"> > <allow-access-from domain="twitter.com" /> > <allow-access-from domain="api.twitter.com" /> > <allow-access-from domain="search.twitter.com" /> > <allow-access-from domain="static.twitter.com" /> > <site-control permitted-cross-domain-policies="master-only"/> > <allow-http-request-headers-from domain="*.twitter.com" headers="*" > secure="true"/> > </cross-domain-policy> > > ...which means Twitter is disallowing access from anything other than > the twitter.com domain, meaning no access to any web-based apps > without a server-side proxy workaround. Wasn't this supposed to be > temporary? And why even have a web-based API if they're still, a year > and a half later, actively disallowing connections to it? >
