Facebook API: Why can I load a user's image off one domain but not another?

Question

Image 1 is at fbcdn-photos-a.akamaihd.net

Image 2 is at fbcdn-sphotos-a.akamaihd.net

The crossdomain files are identical:

https://fbcdn-sphotos-a.aka

Answer 1

If you are attempting only to get the user's profile image, you can access it unsecured from http:/graph.facebook.com/USERID/picture/ . But if you are talking about any other image (photos, etc.), you can do it only from the domain declared in the facebook app page, "Facebook integration" tab. That prevents any malicious intent of accessing your user's data in the event that somebody obtains your APP_ID and APP_SECRET.