Does anyone know what's going on with Twitter's crossdomain policy
file? I read -- over a year and a half ago -- that they were
temporarily blocking broad access because of security holes. The
crossdomain file still reads:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="
instance" xsi:noNamespaceSchemaLocation="
  <allow-access-from domain="" />
        <allow-access-from domain="" />
        <allow-access-from domain="" />
        <allow-access-from domain="" />
        <site-control permitted-cross-domain-policies="master-only"/>
  <allow-http-request-headers-from domain="*" headers="*"

...which means Twitter is disallowing access from anything other than
the domain, meaning no access to any web-based apps
without a server-side proxy workaround. Wasn't this supposed to be
temporary? And why even have a web-based API if they're still, a year
and a half later, actively disallowing connections to it?

Reply via email to