Crossdomain.xml help?


Thanks for pointing this out – I’m looking into it.


thank you! :slight_smile:


We expect a fix for this issue to roll out later today. I’ll let you know if it’ll take longer. Thanks again for reporting this.


Thank you for responding so quickly.

The new crossdomain on does not match those on and

The new policy on does not allow any domain other than twitter owned domains to access the images. Thus our flash applications cannot show the media images associated with tweets.


Is there anything out there that resolved this? The cross domain still only lets users access the files from Twitter properites. Shouldn’t it look like this?



Still waiting on a resolution for this. The cross-domain at has not been updated to allow access from outside of Twitter yet.


This is also affecting our projects. Please make this crossdomain.xml public so we can continue using this service without a proxy.


23 weeks 3 days ago
And still waiting…


23 weeks 3 days ago
And still waiting… [2]


24 weeks 3 days ago
And still waiting…


Is there no update on this? Is Flash not allowed to access Twitter images?


We are also having this issue. Please fix or provide a workaround!


Is anything being done to fix this issue?


A quick work around for this issue is to replace http://pbs with http://a0 for all images you need to display.


Any updates on getting the cross domain issue fixed?


Any updates on this issue?


Nice trick Xty13, but sadly your solution is working less and less as twitter is migrating their systems over to pbs and droping a0 and a1. The last couple requests I have seen put all images (avatars, and images) at pbs, and few if any worked when attempted from a0 or a1.


Not sure why this has become such a long-standing issue. Can someone at Twitter please explain why the crossdomain policy has become restrictive? People can build web apps and access the images with no problem, so why the hate for Flash developers?

Trying to use socket connection to pull user timeline tweets with application-only auth

Hello everyone,

Thanks for the report on this. We have started a discussion with the teams to provide a more permissive crossdomain.xml file to access profile images. While we don’t have any dates to provide yet, I simply wanted to mention that we heard you well and we are aware of this limitation when working with Flash.

In the meantime, a workaround is to make use of a simple proxy. This proxy will be authorized by your Flash application, either by being on the same domain or by providing a permissive crossdomain.xml file, and will fetch the images from the profile_image_url fields mentioned in the API responses and return the images so you can display them in your application rather than attempting to get them directly from Twitter.

We will keep you updated as soon as we have news to share regarding the Twitter crossdomain.xml file and when using such a proxy is no longer necessary.

Thanks for your patience.

All the best,


Hello everyone,
Any updates here?

Best regards,