Thanks for letting us know about this. I've asked the team to if this file should be as restrictive as it currently is.
Best @themattharris Developer Advocate, Twitter http://twitter.com/themattharris On Thu, Dec 16, 2010 at 11:16 AM, WildFoxMedia <wildfoxme...@gmail.com>wrote: > Super, they are all returning the same thing now, which is blocking > access from any non-twitter domain which you can see below: > > <cross-domain-policy xsi:noNamespaceSchemaLocation="http:// > www.adobe.com/xml/schemas/PolicyFile.xsd"> > <allow-access-from domain="twitter.com"/> > <allow-access-from domain="api.twitter.com"/> > <allow-access-from domain="search.twitter.com"/> > <allow-access-from domain="static.twitter.com"/> > <site-control permitted-cross-domain-policies="master-only"/> > <allow-http-request-headers-from domain="*.twitter.com" headers="*" > secure="true"/> > </cross-domain-policy> > > What is Twitters official stance on this? Are Flash developers SOL and > required to use a server-side proxy to grab images, or are we supposed > to be able to grab profile images from *.twimg? > > On Dec 15, 5:57 pm, John Adams <j...@twitter.com> wrote: > > a0 through a4 should offer identical crossdomain.xml files. > > They are all going through a CDN, so it might be the case that the CDN > > endpoint you are hitting has a stale file. > > > > I just checked all of the CDN endpoints from here and they are returning > the > > same data. Try again? > > > > -john > > > > On Wed, Dec 15, 2010 at 5:20 PM, WildFoxMedia <wildfoxme...@gmail.com > >wrote: > > > > > Im currently seeing the same issue, however, in completely reverse. > > > > > As of this moment, a0 & a1 are not allowing other domains and a2 & a3 > > > are allowing all domains. > > > > > The other day, all 4 were not allowing other domains. > > > > > Is there any reason or rhyme for this and more importantly, what is > > > the expectation? Are we supposed to be able to make calls from Flash > > > for profile images or not? > > > > > On Nov 28, 3:57 pm, stephen <sno...@bcm.com.au> wrote: > > > > Hey, > > > > > > It appears the crossdomains for a2, a3, etc are different and are > > > > preventing flash from accessing profile images on these domains. a0 > > > > and a1 are fine, however the api returns profile image urls using all > > > > of these domains (a0 - a?). > > > > > > Are the crossdomains suppose to be all the same or are we suppose to > > > > target only the first two? From the few that I've tested, it seems > > > > all profile images are accessible through the a0 or a1 domains > despite > > > > what the api returns. > > > > > > Crossdomains > > > > >http://a0.twimg.com/crossdomain.xmlhttp://a1.twimg.com/crossdomain.xm. > .. > > > > > > Stephen > > > > > -- > > > Twitter developer documentation and resources: > http://dev.twitter.com/doc > > > API updates via Twitter:http://twitter.com/twitterapi > > > Issues/Enhancements Tracker: > > >http://code.google.com/p/twitter-api/issues/list > > > Change your membership to this group: > > >http://groups.google.com/group/twitter-development-talk > > > > > > -- > Twitter developer documentation and resources: http://dev.twitter.com/doc > API updates via Twitter: http://twitter.com/twitterapi > Issues/Enhancements Tracker: > http://code.google.com/p/twitter-api/issues/list > Change your membership to this group: > http://groups.google.com/group/twitter-development-talk > -- Twitter developer documentation and resources: http://dev.twitter.com/doc API updates via Twitter: http://twitter.com/twitterapi Issues/Enhancements Tracker: http://code.google.com/p/twitter-api/issues/list Change your membership to this group: http://groups.google.com/group/twitter-development-talk