BKWLD

 

Twitter kills flash apps

By Ben on March 15, 2008 at 9:26 pm

Twitter recently made their crossdomain.xml file very restrictive, allowing only apps on their own domain to access the API content. Unfortunately, this makes Flash applications throw sandbox violations, so no more Flash/Twitter mashups. Apparently, though, they aren’t above the possibility of selling access. Discovering radiance? What the? Apparently, there’s a real security issue involved (Flash 9, what’s new!?) but it’s a bummer b/c I really liked my little app that I made for my new site. Next up: Ben scrapes his Twitter content, saves it locally. ;)

2 Comments »

  1. One of the suggestions from that link, interesting.
    1. Move the Twitter API to api.twitter.com. Use the completely permissive crossdomain.xml on api.twitter.com.
    2. Stop supporting HTTP Basic auth. on api.twitter.com. Implement OAuth or some other kind of auth. token system.
    3. Require non-public API requests to include a valid user auth. token.

    Comment by Robert — March 18, 2008 @ 6:44 am

  2. Flickr also went through some of the same issues way back… which is why their API endpoint is api.flickr.com, and they moved the crossdomain to that domain and removed it from flickr.com. Other APIs do OAuth and use yahooapis.com as the API end-point.

    The sad part is that Adobe will be further tightening the security in Flash in their next update. But, remember you can always use a server-side proxy ;)

    Comment by Zach — March 20, 2008 @ 10:26 pm
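The trade-off in the suggestion quoted in the first comment (a permissive crossdomain.xml on a separate API host, with tokens instead of HTTP Basic auth), as an added example that is not code from the post, the commenters or Twitter. The sample policies are constructed, the function names are hypothetical, the `ambient_auth` flag is an assumption supplied by the caller, and wildcard matching is simplified to "any subdomain".

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not copied from any real site).
OWN_DOMAIN_ONLY = """<cross-domain-policy>
  <allow-access-from domain="twitter.com"/>
  <allow-access-from domain="*.twitter.com"/>
</cross-domain-policy>"""

WIDE_OPEN = """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""


def granted_patterns(policy_xml):
    """Return the domain patterns listed in allow-access-from elements."""
    root = ET.fromstring(policy_xml)
    return [e.get("domain", "").lower() for e in root.iter("allow-access-from")]


def permits(policy_xml, requester):
    """True if a SWF served from `requester` may read responses from this host."""
    requester = requester.lower()
    for pattern in granted_patterns(policy_xml):
        if pattern == "*" or pattern == requester:
            return True
        # Simplification: "*.example.com" is treated as "any subdomain".
        if pattern.startswith("*.") and requester.endswith(pattern[1:]):
            return True
    return False


def audit(host, policy_xml, ambient_auth):
    """Flag wildcard grants, worst when the host accepts cookies or HTTP Basic.

    `ambient_auth` is an assumption supplied by the caller: True when the
    browser attaches credentials automatically, False when every non-public
    request must carry an explicit token.
    """
    findings = []
    for pattern in granted_patterns(policy_xml):
        if pattern == "*" and ambient_auth:
            findings.append(f"{host}: domain='*' with ambient auth; "
                            "any site's SWF can read a logged-in user's data")
        elif pattern == "*":
            findings.append(f"{host}: domain='*' is acceptable only while "
                            "every non-public request requires a token")
    return findings
```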

