Thanks for letting us know about this. I've asked the team to if this file
should be as restrictive as it currently is.

Best
@themattharris
Developer Advocate, Twitter
http://twitter.com/themattharris


On Thu, Dec 16, 2010 at 11:16 AM, WildFoxMedia <wildfoxme...@gmail.com>wrote:

> Super, they are all returning the same thing now, which is blocking
> access from any non-twitter domain which you can see below:
>
> <cross-domain-policy xsi:noNamespaceSchemaLocation="http://
> www.adobe.com/xml/schemas/PolicyFile.xsd">
> <allow-access-from domain="twitter.com"/>
> <allow-access-from domain="api.twitter.com"/>
> <allow-access-from domain="search.twitter.com"/>
> <allow-access-from domain="static.twitter.com"/>
> <site-control permitted-cross-domain-policies="master-only"/>
> <allow-http-request-headers-from domain="*.twitter.com" headers="*"
> secure="true"/>
> </cross-domain-policy>
>
> What is Twitters official stance on this? Are Flash developers SOL and
> required to use a server-side proxy to grab images, or are we supposed
> to be able to grab profile images from *.twimg?
>
> On Dec 15, 5:57 pm, John Adams <j...@twitter.com> wrote:
> > a0 through a4 should offer identical crossdomain.xml files.
> > They are all going through a CDN, so it might be the case that the CDN
> > endpoint you are hitting has a stale file.
> >
> > I just checked all of the CDN endpoints from here and they are returning
> the
> > same data. Try again?
> >
> > -john
> >
> > On Wed, Dec 15, 2010 at 5:20 PM, WildFoxMedia <wildfoxme...@gmail.com
> >wrote:
> >
> > > Im currently seeing the same issue, however, in completely reverse.
> >
> > > As of this moment, a0 & a1 are not allowing other domains and a2 & a3
> > > are allowing all domains.
> >
> > > The other day, all 4 were not allowing other domains.
> >
> > > Is there any reason or rhyme for this and more importantly, what is
> > > the expectation? Are we supposed to be able to make calls from Flash
> > > for profile images or not?
> >
> > > On Nov 28, 3:57 pm, stephen <sno...@bcm.com.au> wrote:
> > > > Hey,
> >
> > > > It appears the crossdomains for a2, a3, etc are different and are
> > > > preventing flash from accessing profile images on these domains.  a0
> > > > and a1 are fine, however the api returns profile image urls using all
> > > > of these domains (a0 - a?).
> >
> > > > Are the crossdomains suppose to be all the same or are we suppose to
> > > > target only the first two?  From the few that I've tested, it seems
> > > > all profile images are accessible through the a0 or a1 domains
> despite
> > > > what the api returns.
> >
> > > > Crossdomains
> >
> > >http://a0.twimg.com/crossdomain.xmlhttp://a1.twimg.com/crossdomain.xm.
> ..
> >
> > > > Stephen
> >
> > > --
> > > Twitter developer documentation and resources:
> http://dev.twitter.com/doc
> > > API updates via Twitter:http://twitter.com/twitterapi
> > > Issues/Enhancements Tracker:
> > >http://code.google.com/p/twitter-api/issues/list
> > > Change your membership to this group:
> > >http://groups.google.com/group/twitter-development-talk
> >
> >
>
> --
> Twitter developer documentation and resources: http://dev.twitter.com/doc
> API updates via Twitter: http://twitter.com/twitterapi
> Issues/Enhancements Tracker:
> http://code.google.com/p/twitter-api/issues/list
> Change your membership to this group:
> http://groups.google.com/group/twitter-development-talk
>

-- 
Twitter developer documentation and resources: http://dev.twitter.com/doc
API updates via Twitter: http://twitter.com/twitterapi
Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list
Change your membership to this group: 
http://groups.google.com/group/twitter-development-talk

Reply via email to