Actionscript 3 :: Getting Actual Facebook And Twitter Profile Image URLS For Flex Security Policy?
Oct 25, 2011
I'm trying to display the profile images from both facebook and twitter. For facebook, the URLs I'm receiving are something like this (not actual urls):[URL]... Which is then redirected to the 'actual' url like this:[URL].. I'm also doing this with twitter, with the same issue (redirected url).
So, when I load the image, it loads fine. But when I close the container that the image is in, then I get the security sandbox violation. I can get this all to work if I add the URL from the 'actual' image url like this:
[Code]..
View 1 Replies
Similar Posts:
Oct 19, 2010
I'm trying to load profile images (friend images) from Facebook with AS3 but I seem to be running into a security issue.I'm currently using the "official" Adobe Facebook API for Actionscript 3 which works fine. However, I seem to be having trouble loading profile images when running my application in a browser. The images load fine when running in the Flash IDE.The images are being loaded from URL... and there seems to be a crossdomain.xml policy on that domain:[code]
I just noticed that when I visit one of the images in a browser that I'm actually redirected to Facebook's CDN where the actual image is stored. When I hard-code the image url with the redirected URL I can load the image in the browser. It seems that this is not a security issue after all but a redirection issue.If this is a redirection issue then the question would become; How can I have Flash Player load an image from a redirected URL?It seems that the URLRequest class has a followRedirects property which is only available in AIR.I'm currently using a PHP script to get me the redirected URL as a work around but this of course is far from ideal and potentially a big strain on my server.
View 6 Replies
Aug 10, 2010
I've recently started putting together a Facebook Connect AS3 app and retrieving objects and images through the Graph API.Running anywhere but locally, I receive security errors of the form: SecurityError: Error #2122: Security sandbox violation: Loader.content: xxxx cannot access url...A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.If I add a line of the form:[code]One thing I'd considered was retrieving the crossdomain policy file on a per image basis, capturing the domain from the image URL before making the image request. Unfortunately, at least via the Graph solution (and I haven't looked too closely at the others), their servers resolve the image url after the request is made, from something more generic like: url...Has anyone found a more dependable means of ensuring that images can be retrieved without security sandbox violations? Or do Facebook maintain a definitive list that developers need to keep an eye on?
View 1 Replies
Oct 9, 2010
When I try to request a token from Twitter:[code]The weird thing is that it doesn't happen when I run my App in Debug mode (from Flash Builder) it just happens when I call my application from localhot:3000 (as I'm using Rails)!
View 2 Replies
Oct 26, 2011
I'm loading in profile images from both facebook and twitter into a flex application. Based on the answer from this question, I'm loading the domain policy from the redirected url. However, now I'm seeing this error: Error: [strict] Ignoring policy file at [URL] The crossdomain.xml file from that URL looks like this:
[Code]...
The error states that there is a missing Content-Type. How do I get around this? I, obviously, can't update facebook's files.
View 1 Replies
Nov 30, 2010
I'm working with some forms and i need that the user connects to Twitter (from my EXTERNAL web page) to get his/her profile picture (possibly its URL).
View 2 Replies
Apr 15, 2011
I'm using as3httpclientlib to post data to my web service, but I'm continually getting the following security violation. Does anyone know how to resolve this? My crossdomain.xml file is below the security violation notice. NOTE: I'm using apache to proxy requests to the web service, therefore the target url/port and the url/port serving the applet are the same -- [URL] Also, the rossdomain.xml file is located in the root of the web app which serves the applet rather the web service; however, since the requests are proxied the url for the file is [URL]
[Code]...
View 1 Replies
Feb 16, 2010
I am developing a facebook application which sits in an application tab.The app is developed in flash and as such must use fb:swf to embed the swf.Therefore it sets allowScriptAccess = never on the swf.There are 3 things that I will need to do, and I am not sure if it will be possible.1) Load external SWF files into the parent swf2) Load dynamic XML from the server3) Upload files to the serverI am using flash 10.
View 1 Replies
Nov 8, 2010
I am trying to create a facebook application that will allow me to post to a fanpage wall once installed. to be honest i am a newbie when it comes to actionscript and am just looking for a simple solution. I have set one up that allows me to post to a personal profile but dont know how to do so for my fanpage.
View 0 Replies
Feb 1, 2011
Someone have already done this? I have a solution in mind, but I don't tried yet. Before trying i'm wanna know if it's possible.
My solution is just posting a wall into an html page and getting the source of page in Flash and parsing it.
View 2 Replies
Mar 3, 2011
I'm having trouble passing the url for a users facebook profile picture to a Loader() variable. I'm using a PHP file to get around the security and from the debug I made, it shows that I'm getting the URL fine, but the Loader runs the error event listener. Here is what my facebookProxy.php file looks like;
<?php
$path=$_GET['path'];
header("Content-Description: Facebook Proxied File");
[code].....
View 2 Replies
Jul 6, 2011
As the title says im trying to load Facebook profile images into flash using AS3,now im pretty far with this but i hit a blockade.[code]Im obtaining the friends list of the current user through some PHP a friend of mine wrote, and accesing their ID's, which i use to load their profile images.
View 1 Replies
May 19, 2010
How to I get my security policy working? My parent swf parses an XML doc and loads 2 children. It throws a 2148 security error, and only works in the Flash IDE. PARENT SWF 'I put it at the top of my code. That seemed like the proper event flow' flash.system.Security.loadPolicyFile("crossdomain.xml"); I've referenced my security file from my swf. I Also published my parent swf as 'network only' and put all the crossdomain.xml and everything else in the same folder. I need to click on the animations and have them place from a local computer at a kiosk. POLICY FILE 'Used"*" since there's not URL, it's all local'
[Code]...
View 2 Replies
Apr 2, 2012
I'm trying to learn how to get my own facebook & twitter wall status into flash so that I can export it out and install it in my iPhone.After reading the facebook and twitter API documentation, I'm still very confussed on how to use them.
View 1 Replies
Jan 25, 2010
I'm really sick and tired of facebook's crossdomain.xml , finally got it working for loading pictures from the server. Now I need to load variables from my app using flash. I'm getting this error.
[Code]...
View 2 Replies
Oct 29, 2009
so i was trying to lop an Internet radio player, that will connect to different shoutcast servers, and play the radio, of course in development time everything was ok, now the time came for publishing just to be surprised with this messageof course i know what to do, but the end user will most likely won't know, and also i think this is a set back for developing such stuff, i also once tried to develop a twitter widget same thing happened when trying to communicate with twitter output, to work around that i could load the xml file from twitter into a local file using php, but i see a lot of flash files that uses flickr, twitter, and other sites, so how do these widgets work without triggering the security message,
View 1 Replies
Feb 15, 2008
Last few months I experienced lot pain of due to Flash Player 9 version 3 (I thought that 9 is version no.).
Last thing is new socket policy files and all the new security "improvements". We finally forced sockets to works, to:[URL]..
[Code]...
How I can wrap socket class and avoid <policy-file-request/>?
View 14 Replies
Jan 6, 2012
I'm trying to research some support for this but not getting very far, so I'm hoping you all can help. Is it possible to do something like the following:
Code:
Security.loadPolicyFile("*.mywebsite.com/crossdomain.xml");
The purpose is to not have to create multiple SWFs for each subdomain and not have a list of absolute urls because we do not want this:
Code:
Security.loadPolicyFile("mobile.mywebsite.com/crossdomain.xml");[code]........
View 2 Replies
Jan 22, 2010
I making a game leaderboard on facebook. I'm not using f-connect but working inside the canvas. When I try to load the images from facebook it gives me the following error:A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.Here is my loader code
public var preLoader:Loader;
preLoader=new Loader();
**update**
[code].....
View 1 Replies
Jan 22, 2010
I am making a game leaderboard on facebook. I'm not using f-connect but working inside the canvas. When I try to load the images from facebook it gives me the following error[code]....
View 1 Replies
Jan 21, 2010
I making a game leaderboard on facebook. I'm not using connect but working inside the canvas. When I try to load the images from facebook it gives me the following error.
SecurityError: Error #2122: Security sandbox violation: Loader.content: http://test cannot access http://profile.ak.fbcdn.net/v22941/254/15/q652310588_2173.jpg A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
[Code]...
View 3 Replies
Sep 20, 2011
We're building an app that loads a user's photos from facebook. It seems facebook hosts these images across multiple hosts. Is it possible to dynamically add a cross domain policy, after a Security sandbox violation has occurred?
[Code]...
View 2 Replies
Oct 28, 2011
I'm working on a Flash/Facebook game. My swf and socket server are on different domains, so I have to use a socket policy file. According to Adobe, they have "filed with IANA, the Internet Assigned Numbers Authority, to reserve port 843 for the purposes of serving socket policy files." Unfortunately, my server has port 843 closed. I asked my server guy to open the port. Here's his reply:
[quote]One of the points Matt mentioned is even if we open that particular port how would you ensure the scores of people accessing this game from their schools, libraries or even people internal to OurCompany will have connectivity on the port. Let me explain, in order for traffic to flow on port 843 from the browser to the smart fox server, the users ISP also has to allow for that traffic to pass outbound from the users browser. It is possible that several users would not be able to run it, is that risk acceptable ?[/quote]
How common is it for ISPs to block port 843? I assumed that, since this is an Adobe standard, that ISPs would now have it open by default. What's the scoop?
View 2 Replies
Jan 22, 2010
I making a game leaderboard on facebook. I'm not using f-connect but working inside the canvas. When I try to load the images from facebook it gives me the following error:
SecurityError: Error #2122: Security sandbox violation: Loader.content: [URL] A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
Here is my loader code
public var preLoader:Loader;
preLoader=new Loader();
**update**
Security.loadPolicyFile('http://api.facebook.com/crossdomain.xml');
[code]....
something ( I have made sure the pictures are static and do not require a facebook login or anything , they are just user public profile pictures)
View 5 Replies
Aug 11, 2010
I am creating one desktop application of facebook.
So here I am getting streams from facebook post. So when any facebook application's long image link I am getting that I can't display in Image container, this is not displaying image.
One also fact is that, When I am giving this link directly then it is working.....
When I have seen this in Charlse Debugging proxy then it is displaying 403,Forbidden error of image.
View 2 Replies
Jun 9, 2011
I have an application that connects to a binary socket server running on port 2234. I use the python policy file server, which I downloaded from [URL], which runs on port 843. If the client app is trying to connect to a socket I can see that the server is receivng the request for a policy file and that it sends it to the client. However, in the client, I get a security sandbox error. How is this possible? And is it possible to check whether the client really received the policy file? BTW, here is my policy file:
<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" to-ports="*" /></cross-domain-policy>
View 3 Replies
May 19, 2011
I'm using a PHP proxy script to load images from Facebook into Flash without any sandbox violations. It is taken from the guide here: [URL].. The relevant PHP code is:
[Code]...
The guide mentions that additional security measures are recommended for a real world application. What additional measures would be applicable to this? Maybe some kind of key passed from Flash to PHP?
I realise that there's nothing I can do to completely protect the Flash from being decompiled, but can I prevent the script from being used maliciously?
View 1 Replies
Dec 28, 2011
We've just developed a small Facebook puzzle that people win some gifts from our customer. I'd like to ask a few questions since I'm pretty stuck despite tried lots of things. First I'd like to write what we have and then will explain our problems.oot of application (/) checks for signed_request in POST params, extracts information from it to see if we've registered the logged in user into our database. This checks are also used to understand if the request is sent from Facebook or not to prevent requests coming outside of Facebook. (will write why we want this)Once the application is successfully rendered, Facebook JS API takes place, does its checks and sets the fbsr cookie. We use that cookie information while processing ajax requests to check if the request really belongs to the logged in user (e.g.: scores being sent for a user belong to the logged in user).
We implemented CSRF protection and another protection to check if the requests are POST and more specifically AJAX requests and return 40x if not.nd out that some people seem to take advantage of this bug.One way I thought of is to ignore all requests except coming from Facebook. Since the ajax requests are blocked (cross site) we should have been safe. However this leaded to another problem that, once we redirect users to e.g. leaderboard the signed_request data is lost and our index page returns 40x once the user tries to go back since our application thinks that the user tries to visit our application outside of Facebook.
View 1 Replies
Apr 7, 2010
I am trying to make an external interface call on widgets I am creating to get the domain for in/out of network stats.
[Code]...
From what I am reading an allowscriptaccess needs to be set to always, which I can't do because there isn't embed code that is sent to Facebook during a share so I don't have control over that.
View 1 Replies
Aug 21, 2011
using the latest facebook actionscript library, I upload an image using: Facebook.api('me/photos', etc...) it returns an ID, which method would I call to get the url of the uploaded image?
View 1 Replies
