When I request a photo from Facebook, some urls are like this:
https://{hidden_for_privacy}79141548_n.jpg
And others are like this:
https://{hidden_for_privacy}23364315_n.jpg?oh=c566c56ca9fd7eb1ed5d8bfca4255e84&oe=544AF123&__gda__=1414682395_6d2cb778f5b2c857d1be1c781e81cdfa
The second one has a few extra GET parameters (oh, oe and __gda_ _ (space is there to prevent bold).
When these parameters exist, the image will be invalid after a few days because those values will be different (you can check this by doing a new API call to get the same photo).
What do these parameters mean and how are they linked to the maximum timeframe?
Thanks!
I know some history and its purpose.
Originally facebook image url look like this
https://{*snipped*}/XXXXXXXXXXX_b.jpg
but there are more than on size of image available so people have access to thumbnail image can simply replace suffix _b with _n
(So now it is https://{*snipped*}/XXXXXXXXXXX_n.jpg)
to access to larger version of the image (if available).
Some time later facebook implements central image system that can dynamically crop and resize image on the fly upon request.
The url provided by facebook at this point of time may look like this:
https://{*snipped*}.fbcdn.net/hprofile-xxx1/v/t1.0-1/p32x32/12345678_123412341234123_4123412341234123412_n.jpg
And when people see the url their curiosity arise.
Let's try remove some parameter from the url.
https://{*snipped*}.fbcdn.net/hprofile-xxx1/v/12345678_123412341234123_4123412341234123412_n.jpg
And what they get is the largest and most complete version of the image they can possibly get from facebook server.
This method was working for a long time.
When people see image in their email (mostly profile picture) they can get complete version of image without even log into facebook.
It was working everywhere include private profile picture.
The quick fix and cheapest solution for facebook is to sign request path with some signature algorithm.
I guess they use HMAC as the core algorithm and derive HMAC input from various source including request path.
This will ensure that the only party who can generate valid url is the one who have HMAC key. (presumably just facebook)
Now old issue is fixed you can not use it anymore but there are more than one issue that can be fixed by adding MAC.
It is invalidation of access to images.
Let say people once publish their photo (now other can have both valid request path plus signed signature from facebook) and later on they change their mind and make the photo private.
However, people with valid url and signature can still fetch the image from facebook server.
To solve this issue with super cheap resource considered that they already implements HMAC calculation.
(And to obscure the fact that facebook does not actually delete your image from their system when you delete it.)
They decided to mix value derived from timestamp into input of HMAC.
(See RFC-6238 for similar usage)
So signature refreshing from facebook is periodically required to gain access to photo.
This solved the latter issue with very cheap additional resource.
And here you have it.
Some of history and rationale behind facebook's parameters.
I'm certain that there is no official document about the time frame but it should not be difficult to do some experiment yourself considered that now you know that the value of time frame you want is fixed and predictable.
I think they are facebook image session keys and they produced by facebook on every image showing. So fb servers consider that the request for an image is allowed and known by facebook itself.
Sorry for my bad English and my shallow comment, but i think the solution of this problem may be that fetch a url for a new image session when old one expired. Or i don't know your whole system but maybe you can connect to that assign-keys-for-images mechanism of facebook directly and get all fresh links.
If I am right about those parameters' working mechanisms purposes, i think there is no second solution.
Sorry for my bad English again.
I found the answer (finally). The point is that the photos are not public. If you request a private photo through the API they add a query string so that the url is not valid anymore after some time. Therefore the photo is still somewhat "private". The feature is understandable and there is no workaround other than downloading the image to some other place.
Related
I need to groups each space in the Piwik web analytics software. The cleanest way to do it would be if all URL´s had the spacekey in it, to allow each space-owner to easily get a complete view of their space and retain all functionality like browsing the site with an analytics overlay.
Some URL´s are canonical, however some just have an URL like /pages/viewpage.action?pageId=199921170
Is there some way through the AJS API or other method to find force a working URL in the form: /display/spacekey/title-of-page
The most important part is to have the spacekey in the URL. If there´s no workaround I might just generate an invalid URL by inserting spacekey and let each space-owner fix their page-titles if they want working analytics :-)
We are running Confluence version 5.10.7
(There´s an unresolved open issue on https://jira.atlassian.com/browse/CONF-11285 concerning the broader issue of sometimes having ugly URLs in confluence)
Instead of adding an incorrect URL, you could use a custom variable to record the space key, e.g.
_paq.push(['setCustomVariable','1','Space Key', AJS.params.spaceKey]);
I spotted that one (just one, rest is ok) shared link on wall of group I am in isn't look properly. It's just grey rectangle, you can see it on included image. I wonder why it's displayed this way because I copied url and pasted it to facebook open graph object debugger. There are no warnings and preview generated by tool is ok (so image pass dimension requirements). I also tried to put that url on my profile and I can see image. Sorry that I don't paste urls here but I don't think I'm allowed to do this. I hope someone still want to answer my qestion. What is reason of this behaviour?
Grey rectangle on shared link
There can be several reasons for this situation.
I assume you use some service provider to generate image.
Facebook crawler visits your site and make POST request which uses no cache content, which also makes your site fresh render for facebook request but also may cause timeout error in some cases. If image thumbnail is generated with some service provider it can be the cause.
Thumbnail service providers often causes mistakes by themselves. Take under consideration that what you see on facebook wall is the very first render of the image in the thumbnail provider. Check twice parameters that you send to the service and maybe there is some problem with alpha channel (if it's PNG image).
That's for my guesses. Hope it will help you.
I am pulling Facebook posts using facebook-graph API, now the problem is Image gets expired after few days.
I have the following URL for a single Image
Old Image URL which got expired
https://scontent-a.xx.fbcdn.net/hphotos-xfp1/v/l/t1.0-9/p180x540/14377_340369866155028_6836158858133154924_n.jpg?oh=7ed0d8818ad54fac851b036d24f5e674&oe=55579EE3
New Image working URL Is
https://scontent-sin1-1.xx.fbcdn.net/hphotos-xfa1/v/l/t1.0-9/14377_340369866155028_6836158858133154924_n.jpg?oh=2f7ad72fa36fc026ad2bdcc1b0284146&oe=55C87432
I am frustrated with this issue, what could be the solution of it?
What i came to know from other community about this issue is
"You should not store Facebook CDN URLs for long time use – they can change over time.
Either request the actual image and copy that to your server – or request the current CDN URL regularly.
(You might be tempted to try other workarounds, like extracting the actual image source URL from the CDN link, but I would advise against that – because the format of that might change at any time as well.)"
you can not store facebook Images url for a long time, it expires for security purpose, so it would be a better solution to store images in your server.
Haven't updated for a long time and don't know if this works as before
You should store the original image URL for sure, and use a 302 redirect parser to get the CDN URL, one example is https://scontent-ort2-1.xx.fbcdn.net/v/t45.1600-4/120202220_23846099766190042_1642096590788171162_n.jpg?_nc_cat=108&ccb=2&_nc_sid=2aac32&_nc_ohc=CE0J2Ao5cYkAX_JJ0Me&_nc_ht=scontent-ort2-1.xx&oh=f48cbb1bec21e685e0cbaaf6782a61a1&oe=5FE056E5 and we can just guess oe=5FE056E5 means the expiration, as 5FE056E5(hexadecimal) -> 1608537829(decimal, in UTC), if you interpret this timestamp you will find the time is about a month later, and maybe we can guess the expiration is about a month after getting the CDN URL? To another similar case, you can refer to: https://stackoverflow.com/a/27596727/4721007
I have a page I cannot fetch the public profile image from. Why is that, and why does it happen?
The page in question is: (WARNING: NSFW-ish images of strippers, real sorry, only example I could find - no need to view the page anyway)
https://www.facebook.com/pages/Texas-Poolhouse/98758030102
I can access the page through the graph API. Notice that the results tell me the ID is 98758030102, as expected:
https://developers.facebook.com/tools/explorer/?method=GET&path=98758030102
And even get the image URL this way too:
https://developers.facebook.com/tools/explorer/?method=GET&path=98758030102%2Fpicture
However, using the ID, I cannot fetch the image the way I normally do. I just get a blue question mark:
http://graph.facebook.com/98758030102/picture
Are you sure you're using an access token from a user who can see the page? I can see the correct image when using my own access token - if you're not using an access token you're limited to the information which is publicly available and given the nature of the page it's probably limited to adults only because of its alcohol and/or stripper content.
I realize that this is an old question but I will add my answer for future searchers since this worked for me.
You say that using this as the image URL does not work. http://graph.facebook.com/98758030102/picture
Well I got curious and changed the http:// to https:// and entered my page ID in place of yours and it worked.
I am assuming by turning the connection secure it allows the graphi api to fetch the image.
This URL should work.
https://graph.facebook.com/YOUR_PAGE_ID_NUMBER/picture
Adding the access_token GET parameter to the url makes sure users who are allowed to view the page image will see it (18yo++ in this case). I have, however, not found a way to, through the API, determine when or why pages are not accessible by certain users.
I'm trying to implement a feature like that where a user inputs a url and when displaying that url I want to have a custom display (an embed object if it's a video from youtube, a thumbnail if it's an image link, title and excerpt of body if it's a normal link).
How can such a feature be realized?
There is a new idea called oEmbed that a few sites support (Flickr, Vimeo and a few others) that addresses this problem. oEmbed site
Otherwise, just check the site against a list of ones you pick and then pull out the relevant bits to construct an embed link.
I liked the idea of oEmbed a lot but unfortunately it doesn't has that much adoption yet.
oohEmbed tries to solve this issue by building oEmbed for many websites.
For the feature to work, it needs the server's interaction where I believe the following scenario is how it works
Assume that we have the site humanzz.com and that it provides such feature
A user enters a url on the humanzz.com's webpage and presses a button like facebooks' preview button
An AJAX call is made to a dedicated page on humanzz.com
humanzz.com does calls the remote website and gets its data
The AJAX call now returns the page's data (oEmbed JSON object)
This involves so much server's overhead.
I really wanted to do it using JavaScript as the server's role was only to bypass "Same Origin Policy"'s restrictions.
oohEmbed allows bypassing the server's step by specifying a callback parameter to oohEmbed so that the JSON object returned is passed to a callback function on your page.
An example illustrating this is as follows
Add a script tag dynamically to your page
< script type="text/javascript" src="http://oohembed.com/oohembed/?url=http%3A//www.amazon.com/Myths-Innovation-Scott-Berkun/dp/0596527055/&callback=myCallBack">< /script>
This would result in executing myCallback(oEmbedJSONObject) which is great.
The problem with that solution is you still have to have a fallback for websites that don't have oEmbed representations.
For the embedded things, I have been using auto_html ( https://github.com/dejan/auto_html) with great success (vimeo, youtube, images) and even added soundcloud myself. But I am still looking for a "thumbnail" generation with an image and text facebook-like.
I guess you have to construct it by yourself by manually parsing the kind of URL you get.
If it is an image url, well then you just have to rescale it and in case the user clicks on it, then handle that by opening the original one somehow.
If it is a link to some youtube video, then you have to take a look at how the embedding of Youtube videos works. You can just copy the code that is provided by Youtube itself, and then exchange the parts with the URL to the video with the URL you got from your user.
I did never implement something like that, but I assume it should work somehow like this.