Facebook API: Why can I load a user's image off one domain but not another?

Question

Image 1 is at fbcdn-photos-a.akamaihd.net

Image 2 is at fbcdn-sphotos-a.akamaihd.net

The crossdomain files are identical:

https://fbcdn-sphotos-a.aka

Answer 1

As the error message states you are attempting to load something from a different server which is a security violation. It might not appear to make sense as you know they are identical but only you know that. This same security principal is what prevents js in a browser from one site stealing a cookie that belongs to another. If this security principal did not exist then the web would be a much worser place, with identity theft a much bigger problem.