Yahoo! maps APIs - allows all domains http://local.yahooapis.com/crossdomain.xml
Yahoo! search APIs - allows all domains http://search.yahooapis.com/crossdomain.xml On Oct 18, 3:34 pm, zeh fernando <z...@zehfernando.com> wrote: > Does Twitter have any plans on when/whether they'll change its current > cross-domain policy file? > > http://api.twitter.com/crossdomain.xmldoes not allow requests from > Flash-based websites and web apps because it restricts response to > twitter.com subdomains. > > http://search.twitter.com/crossdomain.xml, however, does allow Flash > requests from any domain. > > This policy pretty much renders all Flash calls to the API useless > (unless they're search calls). > > One could use proxy scripts, but given the limitations imposed by the > Twitter API (150 calls per IP per hour), it means public websites are > out of luck if they're getting any kind of public data without > authenticating like, say, getting a (public) user timeline. > > This has been discussed at length in previous threads. > > Change in > crossdomain.xml??http://groups.google.com/group/twitter-development-talk/browse_thread... > > Most curiously, the above thread mentions on March 2008 that Twitter > would be moving API calls to api.twitter.com and allowing a more > permissive crossdomain policy file there in a few months. This hasn't > happened, though, since people have continued to be dumbfounded by the > inability to load Twitter data from Flash-based web apps. > > Twitter Stream > crossdomain.xmlhttp://groups.google.com/group/twitter-development-talk/browse_thread... > > I think this decision is specially questionable as the cross-domain > restrictions in place do nothing else other than put a tax on what > people can do from Flash-based web apps, but also allow any other > usage from any other technology, be it a security issue or not. In > fact, even using PHP proxies one could make the API calls from Flash > (albeit in a restricted manner) so I can't see a real reason for > singling out/blocking this platform. > > Normally, public APIs add no such artificial/ineffective restrictions, > and simply allow any kind of connection (doing their own top of their > own built-in restrictions and rate limiting)... > > http://graph.facebook.com/crossdomain.xml- allows connections from > all domainshttp://api.flickr.com/crossdomain.xml- allows connections from all > domainshttp://api.plixi.com/crossdomain.xml- allows connections from all > domainshttp://api.bit.ly/crossdomain.xml- allows connections from all > domainshttp://stream.twitvid.com/crossdomain.xml- allows connections from > all domains > ...etc etc > > So, is there any clear reason why the restriction is still in place? > Or any idea on when this policy will be reviewed? > > Thanks, > Zeh -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk