I am trying do some testing examples with Facebook and Flash (using the Adobe Facebook AS3 library). I have followed the examples located at
http://www.adobe.com/devnet/facebook/articles/flex_fbgraph_intro.html
All was going really well and I got through to the step 4 part of the process and this is where things fell over. According to that document you need to be able to check to see if your Flash object is being hosted via Facebook or via your own site.
You do this by checking top.location (either via JavaScript or ExternalInterface.call method in Actionscript). However when I do that all I get is undefined. I have also tried various things :-
Top.location.toString() = undefined
Window.location.toString() = http://local.evanine.com:8080/userstatus/
Window.Top.toString() = [object DOMWindow]
Top.document = undefined
getPage() = Test 8:- undefined
getPage() is a Javascript function called via the ExternalInterface.call and all it does is return top.location.href
However, if I goto the same Flash object on my own site then it shows the right information it only displays this when embedded in an iFrame inside Facebook.
So, finally to my question 🙂
Since Facebook requires App Developers to use SSL, am I seeing this because I currently do not have an SSL certificate on my server ? Is this a security thing ?
This isn’t a SSL problem, this is because of the browser same origin policy. This would prevent an IFRAME (or your canvas app), from seeing what page the user is on. However, you do know enough to figure out if you are in an IFRAME if this is true:
Logically, top.location.href will return undefined as it should within an IFRAME. Remmember that you don’t need to know what the top url is, just if it belongs to you or not, which you can figure out by this comparison.
EDIT:
If you want to know if it is within FB then you can do this: