I'm trying to load profile images (friend images) from Facebook with AS3 but I seem to be running into a security issue.
I'm currently using the "official" Adobe Facebook API for Actionscript 3 which works fine. However, I seem to be having trouble loading profile images when running my application in a browser. The images load fine when running in the Flash IDE.
The images are being loaded from https://graph.facebook.com
and there seems to be a crossdomain.xml policy on that domain:
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-control permitted-cross-domain-policies="master-only" />
</cross-domain-policy>
In other sources I found that adding a ContextLoader to my Loader object when loading the image should solve the problem but this doesn't seem to be the case either:
loader = new Loader();
// add some listeners here...
loader.load( new URLRequest( "imageurl" ), new LoaderContext(true) );
I'm not quite sure how to proceed at the moment. I was hoping that the Adobe Facebook API would provide assistance in this but I can't seem to find anything that solves this issue.
Any help greatly appreciated.
UPDATE:
I just noticed that when I visit one of the images in a browser that I'm actually redirected to Facebook's CDN where the actual image is stored. When I hard-code the image url with the redirected URL I can load the image in the browser. It seems that this is not a security issue after all but a redirection issue.
If this is a redirection issue then the question would become; How can I have Flash Player load an image from a redirected URL?
UPDATE 2:
It seems that the URLRequest class has a followRedirects
property which is only available in AIR.
UPDATE 3:
I'm currently using a PHP script to get me the redirected URL as a work around but this of course is far from ideal and potentially a big strain on my server.
I had the same problem and it looks like you have to manually load the crossdomain file of the domain you are redirected to in actionscript. For now, it looks like all facebook profile images are finally loaded from the domain http://profile.ak.fbcdn.net/.
I just added this line before loading the images:
Security.loadPolicyFile("http://profile.ak.fbcdn.net/crossdomain.xml");
This should allow for loading the redirected images, as long as the redirect domain does not change. ;)
You can use a URLLoader and load the image as a ByteArray. This appears to work regardless of the redirect. You can then use the ByteArray as the source for an Image/BitmapImage or use a Loader to load the bytes as you would have the image url in the first place.
For example:
var urlRequest:URLRequest = new URLRequest("http://graph.facebook.com/id/picture");
var urlLoader:URLLoader = new URLLoader();
urlLoader.dataFormat = URLLoaderDataFormat.BINARY;
urlLoader.addEventListener(Event.COMPLETE, completeHandler);
urlLoader.load(urlRequest);
function completeHandler(event:Event):void
{
var byteArray:ByteArray = loader.data;
// Then either:
bitmapImage.source = byteArray;
// or:
var loader:Loader = new Loader();
...
loader.loadBytes(byteArray);
...
}
it should be a relitively easy thing to do, all of the facebook profile images can be found by using the picture root of the graph API. like this link:
"http://graph.facebook.com/" + userid + "/picture"
I would like to confirm martin's solution here.
My case goes from testing the application on AIR platform which is fine and works great, the image loaded successfully.
But when I port it into canvas app on facebook then I face a problem, the profile images won't come along, it cannot load.
I use what martin suggest here. And if you track a url redirection, you will see that actually image profiles are located at that CDN server not facebook itself, so you need to load that domain's policy file according to actionscript's security-sandbox.
Thanks again.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With