Archive for September, 2007

The Profile Box is Sandboxed

September 21, 2007

Even though the profile box is the representation of a Facebook app that you will see the most, it is actually a pretty isolated chunk of FBML. This is very intentional, for all sorts of security and performance reasons.

  • You can’t put an iframe in a profile box.
  • Any images are cached through Facebook.
  • The profile box content is set from your server, so when it is viewed that content is spit out. Your server isn’t queried when someone views their profile containing your app’s profile box.
  • When someone views a profile page, no external queries can be made.
  • Nothing can ‘happen’ when someone merely views a profile page. They need to view a canvas page, push or button or something for the application to have a stimulus for a response.

This limits what information Facebook applications can gather about usage, but it’s actually a really good thing.

Advertisements

The Callback Page

September 19, 2007

I find it rather annoying that one of the first, most fundamental areas you need to learn about Facebook application development is so poorly documented: the calls made from Facebook to your ‘callback’ page.

This messy page is the best documentation I’ve found so far: Your Callback Page and You

Most Facebook documentation involves the large variety of ways that your server can talk to Facebook, but at the beginning I am much more interested in just handling the request sent from Facebook to my server that actually displays something to the user. I.e. “Hello world!” These parameters are parsed and thinly disguised by the various client libraries, but really warrant a close look when you begin developing Facebook apps.

First of all, check fb_sig_in_canvas to make sure that this call is actually a pageview (a user views an application page on Facebook, and a sub-request is made to your server to get the canvas page). I assume that this will be false when Facebook is sending asynchronous updates to your server. (BTW, contrary to what the above wiki page says, I didn’t receive the “installed=1” callback from Facebook when adding my application.)

fb_sig_added tells you whether the person viewing an application page on Facebook has added your application. If you want them to add your application before viewing a canvas, return this FBML:

<fb:redirect url=”http://www.facebook.com/add.php?api_key=YOUR_APPS_API_KEY”&gt;

(Note: Some of this may be different when using iframes, which I haven’t tried yet.)

tells you who is viewing the page. Keep in mind from the very beginning that there are usually two users you want to be aware of in every single transaction: the Visitor and the Author. Only paying attention to the Author is one of the reasons that there are so many security flaws in Facebook apps.

FBML and CSS style tags

September 17, 2007

It seems that FBML markup is not allowed within <style> content, so this works:

<fb:wide>
  <style>
   .makespace { margin: 10em; }
  </style>
</fb:wide>

but this doesn’t:

<style>
  <fb:wide>
   .makespace { margin: 10em; }
  </fb:wide>
</style>

More FBML/CSS notes: [ref]

  • FBML does not allow the usage of the link tag
  • FBML removes all @ rules in the CSS

Statement of Purpose

September 17, 2007

This blog is for keeping track of a variety of notes, rants and observations while I learn more about Facebook Application development. There isn’t much information out there yet, so perhaps some of the tidbits I come up with here will be of use to other Facebook developers.

So, why am I learning to write Facebook Apps?

  • I’d like to write some Facebook apps that plug into Worldisround
  • Facebook is really popular right now, so there is a lot of opportunity to grab eyeballs, which can help me
    market some of my upcoming businesses.
  • It’s relatively easy to reframe any existing webapp as a Facebook App.
  • It’s good practice at rapid application development. I’ve been focused on rock-solid uber-scalable enterprise stuff (i.e. Worldisround) for so long that it is refreshing to see how quickly I can go from idea to implementation.
  • I could get contract work writing Facebook apps.
  • Social value. I can quickly write some code that my friends might actually use.

I wrote my first Facebook app Empty Space over the last two days, quickly moving from serving some static HTML to incorporating the Facebook Java client into my Animist codebase. Empty Space is an eye- and mind-refreshing application, with ample whitespace and mostly Zen-like quotes, to contrast the hustle and bustle of the rest of Facebook. But apart from skimming my Zen books for some more pithy quotes, it is pretty much finished now.