views:

201

answers:

1

I've been working my way through Tim Heuer's Silverlight tuturial, in which you set up a basic interface to search Twitter. I started on the tutorial yesterday, completing through Step 3. It all was working fine. Now, though, I can't call Twitter without getting a "System.Security.SecurityException" error in the OpenReadCompleted handler. This applies to running Heuer's own code, as well. I would assume that it's a Cross-Domain Access issue, but that shouldn't be the case with Twitter's search API.

Using Web Development Helper, I see 2 failed GETs to http://search.twitter.com/clientaccesspolicy.xml, followed by a successful read of http://search.twitter.com/crossdomain.xml. That seems normal to me, since the first file exists, and the second doesn't. I'm totally stuck, and being new to Silverlight, don't know what else to try. I'd appreciate any help.

The Twitter call is as follows:

WebClient proxy = new WebClient();
proxy.OpenReadCompleted += OnReadCompleted;
proxy.OpenReadAsync(
    new Uri( @"http://search.twitter.com/search.atom?q=abc&since_id=0" ) );

These are the error details:

at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state) at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult) at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result) at System.Net.WebClient.OpenReadAsyncCallback(IAsyncResult result)

+2  A: 

It looks like twitter has changed the client access policy on their search domain to no longer allow requests from other domains. The current file looks like:

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd"&gt;
  <allow-access-from domain="twitter.com" />
    <allow-access-from domain="api.twitter.com" />
    <allow-access-from domain="search.twitter.com" />
    <allow-access-from domain="static.twitter.com" />
    <site-control permitted-cross-domain-policies="master-only"/>
  <allow-http-request-headers-from domain="*.twitter.com" headers="*" secure="true"/>
</cross-domain-policy>

Which means unless you are coming from one of those *.twitter.com domains listed, then you can't access it.

Update Just read on twitter that they've relaxed the restrictions again. The new crossdomain.xml is much better:

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"&gt;
<cross-domain-policy>
       <allow-access-from domain="*" />
</cross-domain-policy>

So now your code should start working.

Bryant
I thought that's what it looked like, but their changelog (http://apiwiki.twitter.com/REST-API-Changelog) says it hasn't changed since September. So it's just my bad luck that they changed this last night or this morning?
Dov
That is definitely the case. I had assumed that their API wouldn't suddenly change, but that does seem to have been the case. http://groups.google.com/group/twitter-development-talk/browse_frm/thread/4adf2a0297ce052d
Dov