I recently started building the Facebook Connect AS3 app and retrieving objects and images through the Graph API.
Work anywhere but locally, I get security errors in the form:
SecurityError: Error # 2122: security sandbox violation: Loader.content: xxxx cannot access http://photos-a.ak.fbcdn.net /xxxx.jpg A policy file is required, but the checkPolicyFile flag was not set when this media was loaded.
If I add a line of the form:
Security.loadPolicyFile ("ht_tp: //photos-a.ak.fbcdn.net/crossdomain.xml");
- then I relate to this server very well, but it seems that there are a number of domains with the format photos - [letter]. I added one for each in the alphabet, which happily extracts crossdomain files successfully, but this does not seem like a pleasant solution and does not accommodate any new hosting settings. Facebook may implement in the future.
One thing that I considered was getting the crossdomain policy file for each image, grabbing the domain from the image URL before making the image request. Unfortunately, at least through the Graph solution (and I did not look too carefully at the others), their servers resolve the image URL after the request, from something of a more general type:
ht_tps: //graph.facebook.com/ [ObjectId ] / image Type = small & access_token = [access token]
Has anyone found a more reliable means of ensuring that images can be restored without breaking the sandbox? Or does Facebook support the final list that developers need to keep track of?
Thank!