I'm trying to include users profile picture from facebook, which works fine, but the thing is when you want to include it on a SSL-secured page. I can't find a way to get the picture to load from a secure location. Using the following link to the users profile pic:
https://graph.facebook.com/<FB_ID HERE>/picture?type=square
Even though I use https it doesn't get loaded securely (browser says the page is just partially encrypted). And this isn't strange since the link just redirects to the images, for example for my profile picture:
https://graph.facebook.com/Bazze/picture?type=square
This will get the picture from:
http://profile.ak.fbcdn.net/hprofile-ak-snc4/161513_633115680_6792455_q.jpg
Note that that is not a secure location.
Anyone know how to load the profile picture securely through the https protocol?
Thanks!
Add return_ssl_resources=1 to your Graph call:
https://graph.facebook.com/<FB_ID>/picture?type=square&return_ssl_resources=1
This is the proper way to get a SSL-served image; the redirect will be to a https server with a proper SSL certificate.
Update: It appears Facebook will now automatically give you a redirect to https-hosted images when you use https://graph.facebook.com, so the return_ssl_resources parameter is no longer necessary.
Using http://graph.facebook.com still gets you a http-hosted image.
Well, https://graph.facebook.com/Bazze/picture?type=square is a 302 redirect to http://.... But note that https://... still works (example).
So it looks like one solution is to parse the 302 yourself, insert the 's' in the appropriate place, then fetch the image. But on the downside, the linked page above has certificate errors, and there isn't a good way to fix that.
(I'm not saying this is a good answer...)
The 302 redirect will have your picture URL as stated in the Open Graph API documentation.
The you need to change from:
/ http profile.ak.fbcdn.net /
to:
/ https fbcdn-profile-a.akamaihd.net /
And from: / http static.ak.fbcdn.net / to: / https s-static.ak.fbcdn.net /
I really think that FB should do that in their API's !!!!
You could proxy it through your own server. Set up a script that fetches the image from Facebook then servers it back to you over SSL.
For Example
<?php
$path=$_GET['path'];
if (stristr($path, "fbcdn.")==FALSE && stristr($path, "facebook.")==FALSE)
{
echo "ERROR";
exit;
}
header("Content-Description: Facebook Proxied File");
header("Content-Type: image");
header("Content-Disposition: attachment; filename=".$path);
@readfile($path);
?>
Taken from
http://www.permadi.com/blog/2010/12/loading-facebook-profile-picture-into-flash-swf-using-open-graph-api/
Accessed via https://yourdomainhere.com/proxy.php?path=URLENCODED-IMG-URI should return the userpic via SSL.
You can also get secure profile pics in bulk in which case you have to add the return_ssl_resources=1 param as @josh3736 mentioned.
https://graph.facebook.com/?ids=id1,id2,id3,...&fields=picture&return_ssl_resources=1
Use ***http***://graph.facebook.com/Bazze/picture?type=square instead of **https**://graph.facebook.com/Bazze/picture?type=square
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://img.manongdao.com/sparkler-677774__340.jpg', '推荐 老娘就宠你 的文章《Loading Facebook profile picture securely》','https://www.manongdao.com/article-625072.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}