From Facebook Developer Wiki

Ques : If we include the FeatureLoader considering an iframe application and than the user goes out by clicking a link directly to the respective site rather than inside a facebook Iframe, than doesn't that mean we need to dynamically detect if we are top domain or inside facebook Iframe and appropriatly load the FeatureLoader ??

I have can get the sample code to work in all browsers BUT IE6... this is very frustrating. Anyone else have this problem? If so, any solutions?

So far when using 0.4 of the library I've been unable to make a callback for friends.get execute, can someone please confirm, here is a test

--522767188 23:37, 25 August 2008 (PDT)

I authorized your app, and checking Firebug, my friends show up in the console, but don't get displayed.

I talked with an engineer here and he said you need to initialize your site. Call FB.Facebook.init -- and pass your API key and the path to the channel/xd_receiver.htm file -- http://www.somethingtoputhere.com/therunaround/documentation/ConnectJsApi/T_FB.Facebook.html

Also, FB.Facebook.apiClient only takes the API key now.

Thanks Pete, I should of checked the docs.

--522767188 23:05, 28 August 2008 (PDT)

WARNING: This library overloads the Array prototype, it will very likely BREAK any of your code that uses Arrays! I hope they fix this, it would surely be handy, but as it is, NO WAY!

BUG IN SAMPLE CODE: Looks like the recent changes in friends get API caused the sample code to break. friends_get method now takes not one, but two paramaters. first one is a friends list ID (flid) that must be set to null if you don't use this feature of the API.

The sample seems to run with this change:

api.friends_get(null, function....); 

Alexis 6 Feb, 2006

How does this work without requiring the app's secret key? Surely there's potential for abuse here, particularly with the Data Store API? --Bryan 06:59, 26 January 2008 (PST)

I just started looking into the Facebook API, but I think you would control it by setting the "IP Addresses of Servers Making Requests" option for your app. -- 7907848 16:54, 26 January 2008 (PST)

The JS client library redirects the user to Facebook, and Facebook redirects back to the app's official callback URL with a session key that's used in the actual FB API calls. A badguy imitating your app won't be able to get a session key because Facebook only passes the key to the legit callback URL. Clever on Facebook's part.

As I understand the model, it does allow clever users do stuff to their own account in your app's name -- for example, they could replace the FBML in your app's box on their profile with "haha i r00l", if you have an iframe app. Re: Bryan's question, seemingly that could allow naughtiness with the Data Store API for iframe apps that assume content of misc tables is secret from users. It may make cross-site scripting vulnerabilities a little more obvious to exploit.

Another curiosity: after reading about this today I realized it's always been possible to have Facebook apps hosted outside Facebook, by using JavaScript to break out of an fb:iframe (the server just had to make the API requests). I wonder whether that approach was OK according to Facebook then, and whether it is now. (Bryan points out below that Facebook apps on external websites are old hat.)

I'm a mite scared of this Script# stuff. The library works, but I wonder if they've drunk too much MS Kool-Aid, and whether there's any reasonable way to get compact JS out of Script#.551070112 22:26, 28 January 2008 (PST)

Apps outside of Facebook is nothing new. Before the API in it's current incarnation, that's all there was. Have a look in the app directory and there's a section specifically for external websites --Bryan 08:44, 29 January 2008 (PST)

Ah, so I see. Pretty basic -- silly me for not having looked at that earlier. 551070112 13:44, 29 January 2008 (PST)

Is anyone else a bit puzzled about the example code using the textarea? http://developers.facebook.com/news.php?blog=1&story=73

The output of the API call is never passed to the textarea. The popup works just fine though.

The Debug.dump() call should write to whatever object has id "_traceTextBox", in this case the textarea they created at the beginning. 4000103 13:52, 28 January 2008 (PST)

Here is the sample code for getting the current user’s friends list.

<!-- Output area to show the output from Facebook API -->
<textarea style="width:500px;height:300px;" id="_traceTextBox"></textarea>

<script src="http://static.ak.facebook.com/js/api_lib/FacebookApi.debug.js" type="text/javascript"></script>
<script type="text/javascript">
// Create an ApiClient object, passing app’s api key and
// a site relative url to xd_receiver.htm
var api = new FB.ApiClient('<insert_your_app_key_here', '/xd_receiver.htm', null);
        
// require user to login
api.requireLogin(function(exception) {

    window.alert(“Current user id is “ + api.get_session().uid);
  
    // Get friends list  
    api.friends_get(function(result, exception) {
      Debug.dump(result, 'friendsResult from non-batch execution ');  
    });       
});
</script>

Hmmm... does the code work for you?

There is an error in the javascript library (FacebookApi.debug.js). The photos_getAlbums method has in error in the last line. The name of the function to call has an extra space in the end which must be removed, otherwise you get an error "Unknown method".

The sample code on http://wiki.developers.facebook.com/index.php/JavaScript_Client_Library fails for me in FacebookApi.Debug.js on the line 4153:

_callMethod$1: function (method, parameters, executeUnit) {
 var jsonRequest = this._generateJsonRequest(method, parameters);
 if (typeof(executeUnit) !== 'function') {
   var pendingResult = new FB.PendingResult();
   executeUnit._api = this; <<<<<<<<<<<<<<<<<<<<<<<<<< executeUnit has no properties
   executeUnit._addStep(jsonRequest, pendingResult);
   return pendingResult;
 }

I've simplified the hasnler of friends_get call to be:

 api.friends_get(function(r,e) {window.alert("executed!");});

what's odd abut this is the condition

if (typeof(executeUnit) !== 'function') {

on the line 4151. Me reading of the code it looks like it should have went into an "else" clause since a funciton object is passed into friends_get method

anyone else has this issue?

I'm failing on function FB_ReceiverApp$main(), which is the function in xd_receiver.htm. It fails on:

var func = null;

55 try { 56 func = hostWindow.FB.XdComm.Server.singleton.onReceiverLoaded; 57 } 58 catch(e) { 59 func = null;

Ad exception is thrown: TypeError: hostWindow.FB has not properties message.

Anybody knows why?

Solved it! Apparently, my url string for xd_receiver.htm. I thought to give it as relative to the index.htm I used, but it didn't work, so I gave up an used an absolute URL.

Can anyone supply example code for using the fql_query method? I don't understand how one should use the returned (result) object. I thought it was supposed to be an xml object, but it doesn't respond to any of the standard methods (e.g. getElementsByTagName).

--DL, 26 August 2008

[edit] fb:iframe vs iframe application

"Applications that use this client library should be configured to load either directly for iframe-based applications or through the Fb:iframe tag for FBML-based application." I have had problems developing an fbml application with fb:iframe loading a page that uses the Javascript API. It works in Google Chrome, but fails in FF and IE. Is there any code that demonstrates how to get the Javascript API working within an fb:iframe? Or is there anybody that has been able to do it? Otherwise this should be changed.

-The Next Day

I resolved this finally. I had not specified the name attribute of the fb:iframe. My bad.

[edit] Detecting Events in Firefox

It appears that on a site using Facebook Connect, when you load FeatureLoader.js, it prevents Firefox from detecting events (resulting in an "ev is undefined" error). For an example of when this occurs, see: http://forum.developers.facebook.com/viewtopic.php?id=24758

Anyone have any idea of how to work around this? Thanks so much...

I'm baffled as to why someone would revert the fact that IE8 has already released. If the support isn't there, then say so, otherwise it just makes it look like the page is out of date, which it would not be, if someone would not revert the page.

It's there. The page has been updated. Pete (563683308 22:57, 5 May 2009 (PDT))