CORS：有Facebook启用CORS的所有图片？ [英] CORS: Have Facebook enabled CORS for all of its pictures?

问题描述

我已经读过某个地方，Facebook已经交叉启用个人资料图片。我不确定相册和其他的东西，但事实上，Facebook是包括标题 Access-Control-Allow-Origin：* 在我的每一个网址

 <$ c $ 
 c> https://graph.facebook.com/PROFILE_ID/picture?width=25&height=25 
  

以及Akamai网址：

  https://fbcdn-sphotos-ha.akamaihd.net/hphotos-ak- ash3 / ... 
  

（后者由 https：//返回graph.facebook.com/PROFILE_ID/photos ）

---

我的应用程式基本上是做as：

  var img = new Image; 
 img.src =https：//fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash3 / ...; 
 img.crossOrigin =匿名; 
 
 img.onload = function（）{
 ctx.drawImage（img，x，y）; 
} 
 
 //上面的代码将重复几次
 //与操作ctx的代码混合
 
 //最后generetes数据
 var generatedImage = canvas.toDataURL（）; 
 //如果回到Facebook，就会发帖
  

（在所有主要浏览器上测试），但是有很多用户报告间歇性bug，当上传画布内容回到Facebook。
不幸的是，我还不能得到一个技术精明的用户报告一个具有正确的错误描述。现在我不能重现的问题（或甚至知道什么问题）。

到目前为止，我所知道的是，通过编写一个服务器端代理来服务Facebook图片，就像它们是本地的一样，这些错误显然消失了，所以，在我开始挖掘奇怪的跨浏览器问题之前，神秘的错误消息，如 OAuthException：发生未知错误。，污染的cavas等，我首先要回到基本信息：

对于通过Graph API公开的每个图片，是否启用CORS？ （

解决方案

再次回答我自己的问题。

显然是，对通过Graph API公开的每个图片启用CORS。他们都被返回 Access-Control-Allow-Origin：* 。

似乎有些浏览器不能很好地与 crossorigin ='anonymous'和CORS标题，所以，现在，代理服务仍然是安全的方式去。

I've read somewhere that Facebook have cross enabled for Profile Pictures. I'm not sure about albums and other stuff, but in fact Facebook is including the header Access-Control-Allow-Origin: * on every one of the URLs that I have tested to far.

I've tried the standard Profile picture URL

https://graph.facebook.com/PROFILE_ID/picture?width=25&height=25 

And well as Akamai urls:

https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash3/... 

(The latter are returned by https://graph.facebook.com/PROFILE_ID/photos)

---

My app is basically doing things such as:

var img = new Image;
img.src = "https://fbcdn-sphotos-h-a.akamaihd.net/hphotos-ak-ash3/...";
img.crossOrigin = "Anonymous";

img.onload = function() {
  ctx.drawImage(img, x, y);
}

// Above code will be repeated several times
// And mixed with code that manipulates ctx 

// Finally generetes data 
var generatedImage = canvas.toDataURL();
// And post if back to Facebook

Everything seems to be working fine with my code (tested on all major browsers), but there are a lot of users reporting intermittent bugs when uploading the canvas content back to Facebook. Unfortunately I couldn't yet get a tech savvy user to report something with a proper error description. Now I can't reproduce the problem (or even know what the problem is).

What I know so far is that by writing a server side proxy to serve Facebook images as if they were local the bugs apparently go away, so, it left me wondering, before I start digging into bizarre cross-browser issues, mysterious error messages such as OAuthException: An unknown error has occurred., tainted cavas, etc, I first have to go back to the basics:

Is CORS enabled for every single picture exposed through Graph API? (A link to the official documentation or a reliable source would be nice).

解决方案

Again answering my own question.

Apparently yes, CORS is enabled for every picture exposed through the Graph API. They are all being returned with Access-Control-Allow-Origin: *.

It seems like some browsers do not play well with crossorigin='anonymous' and CORS headers, so, for now, a proxy service is still the safe way to go.

这篇关于CORS：有Facebook启用CORS的所有图片？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！