Image 1 is at fbcdn-photos-a.akamaihd.net
Image 2 is at fbcdn-sphotos-a.akamaihd.net
The crossdomain files are identical:
https://fbcdn-sphotos-a.aka
The problem described here is that the Graph API redirects you to one of the Facebook CDN domains. You have to load crossdomain policies from these domains into your Flash client in order to be able to call them using Security.loadPolicyFile("
. The protocol is also important. A list of these CDN domains is not available, so you can't bake it into the app. I described a similar problem with profile pictures in this bug: http://developers.facebook.com/bugs/470699803010338 It'd be ideal if Facebook provided a list of CDN domains for its developers via API so we could load appropriate crossdomain policies without having to allow everything or compromise security in other ways.
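The approach discussed above, as an added ActionScript 3 example that is not part of the original post: load the Graph API URL once for display, read the post-redirect URL, and load the policy file only from that exact scheme and host. The class name, the `OBJECT_ID` placeholder and the `.akamaihd.net` suffix list (taken from the two hostnames quoted above) are assumptions.

```actionscript
package {
    import flash.display.Loader;
    import flash.display.Sprite;
    import flash.events.Event;
    import flash.net.URLRequest;
    import flash.system.LoaderContext;
    import flash.system.Security;

    public class CdnPolicyLoader extends Sprite {
        // Assumption: suffixes derived from the CDN hostnames quoted in the post.
        private static const ALLOWED_SUFFIXES:Array = [".akamaihd.net"];
        private var probe:Loader = new Loader();
        private var image:Loader = new Loader();

        public function CdnPolicyLoader() {
            // Placeholder Graph API URL; the server answers with a redirect to a CDN host.
            load("https://graph.facebook.com/OBJECT_ID/picture");
        }

        public function load(graphUrl:String):void {
            probe.contentLoaderInfo.addEventListener(Event.COMPLETE, onProbe);
            probe.load(new URLRequest(graphUrl)); // display-only load, no policy file needed
        }

        // Returns "scheme://host[:port]/crossdomain.xml", or null for an unexpected host.
        public static function policyUrlFor(finalUrl:String):String {
            var m:Array = finalUrl.match(/^(https?):\/\/([^\/:?#]+)(:\d+)?/i);
            if (m == null) return null;
            var host:String = String(m[2]).toLowerCase();
            for each (var s:String in ALLOWED_SUFFIXES) {
                if (host.length > s.length && host.substr(-s.length) == s) {
                    // Keep the scheme: a policy fetched over http does not cover https.
                    return m[1].toLowerCase() + "://" + host + (m[3] || "") + "/crossdomain.xml";
                }
            }
            return null;
        }

        private function onProbe(e:Event):void {
            var finalUrl:String = probe.contentLoaderInfo.url; // URL after the redirect
            var policy:String = policyUrlFor(finalUrl);
            if (policy == null) return; // unknown host: do not request pixel access
            Security.loadPolicyFile(policy);
            // Reload from the CDN URL with checkPolicyFile = true to get pixel access.
            image.load(new URLRequest(finalUrl), new LoaderContext(true));
            addChild(image);
        }
    }
}
```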