views:

126

answers:

1

Hi I'm building a Twitter search application in Flash and have encountered a security error when retrieving a user's information using the following...

http://api.twitter.com/1/users/show.xml?screen_name=

I noticed a crossdomain.xml file returned with the above.

This works

http://search.twitter.com/search.atom?

Can anyone suggest a solution?

+2  A: 

The cross domain policy for search.twitter.com permissive:

<cross-domain-policy>
       <allow-access-from domain="*" />
</cross-domain-policy>

And for api.twitter.com it's quite restrictive:

<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd"&gt;
  <allow-access-from domain="twitter.com" />
        <allow-access-from domain="api.twitter.com" />
        <allow-access-from domain="search.twitter.com" />
        <allow-access-from domain="static.twitter.com" />
        <site-control permitted-cross-domain-policies="master-only"/>
  <allow-http-request-headers-from domain="*.twitter.com" headers="*" secure="true"/>
</cross-domain-policy>

meaning that the only way to talk to api.twitter.com would be to call a script on your server and then proxy the request to twitter.

Neel