Home/ Questions/Q 435237
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-12T20:21:22+00:00

I’ve been working my way through Tim Heuer’s Silverlight tuturial , in which you

  • 0

I’ve been working my way through Tim Heuer’s Silverlight tuturial, in which you set up a basic interface to search Twitter. I started on the tutorial yesterday, completing through Step 3. It all was working fine. Now, though, I can’t call Twitter without getting a “System.Security.SecurityException” error in the OpenReadCompleted handler. This applies to running Heuer’s own code, as well. I would assume that it’s a Cross-Domain Access issue, but that shouldn’t be the case with Twitter’s search API.

Using Web Development Helper, I see 2 failed GETs to http://search.twitter.com/clientaccesspolicy.xml, followed by a successful read of http://search.twitter.com/crossdomain.xml. That seems normal to me, since the first file exists, and the second doesn’t. I’m totally stuck, and being new to Silverlight, don’t know what else to try. I’d appreciate any help.

The Twitter call is as follows:

WebClient proxy = new WebClient();
proxy.OpenReadCompleted += OnReadCompleted;
proxy.OpenReadAsync(
    new Uri( @"http://search.twitter.com/search.atom?q=abc&since_id=0" ) );

These are the error details:

at System.Net.Browser.AsyncHelper.BeginOnUI(SendOrPostCallback beginMethod, Object state)
at System.Net.Browser.BrowserHttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.WebClient.GetWebResponse(WebRequest request, IAsyncResult result)
at System.Net.WebClient.OpenReadAsyncCallback(IAsyncResult result)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    It looks like twitter has changed the client access policy on their search domain to no longer allow requests from other domains. The current file looks like:

    <?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
  <allow-access-from domain="twitter.com" />
    <allow-access-from domain="api.twitter.com" />
    <allow-access-from domain="search.twitter.com" />
    <allow-access-from domain="static.twitter.com" />
    <site-control permitted-cross-domain-policies="master-only"/>
  <allow-http-request-headers-from domain="*.twitter.com" headers="*" secure="true"/>
</cross-domain-policy>

    Which means unless you are coming from one of those *.twitter.com domains listed, then you can’t access it.

    Update Just read on twitter that they’ve relaxed the restrictions again. The new crossdomain.xml is much better:

    <?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
       <allow-access-from domain="*" />
</cross-domain-policy>

    So now your code should start working.

    • 0