Why are my S3 images are not valid for Facebook Javascript SDK?

Question

I'm running into a error with the Facebook SDK which appears to be related to the permissions on my S3 bucket. I'm using Ruby on Rails with the Paperclip gem with Amazon S3 for storage.

Right now I have the dialog setup like so:

FB.ui({
    method: 'feed',
    name: "Check out this project on WorkHands",
    picture: "https://workhands_images.s3.amazonaws.com/images/avatars/1100/original/2013-08-05_04_13_28__0000.jpeg?1376351034",
    link: link.attr('href'),
    caption: 'Work by',
    description: "hello",
    display: 'popup',
    redirect_ui: window.location.origin
}

The reason why I think it has something to do with S3 is that I can pass in an image url from another src not on S3 (even from google images) and the dialog works perfectly fine.

My understanding is that Paperclip sets the ACL of each object to public_read by default. https://github.com/thoughtbot/paperclip/blob/master/lib/paperclip/storage/s3.rb

I have tried setting a bucket policy similar to the example here: http://ariejan.net/2010/12/24/public-readable-amazon-s3-bucket-policy/

But that didn't seem to fix anything.

For the image above, when I call s3object.acle.grants.inspect, I get XML like this:

[<Grant><Grantee xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"CanonicalUser\"><ID>0e77d1de2a82b95d7b735e0071296ef5f903fa17ba0b98ecfe5ab2d36a8f17d0</ID>

cush4437FULL_CONTROL, http://www.w3.org/2001/XMLSchema-instance\" xsi:type=\"Group\">http://acs.amazonaws.com/groups/global/AllUsersREAD]

Answer 1

It turns out that Facebook throws this error because of the source url has two subdomains. see https://stackoverflow.com/a/7320178/1296645

mybucket.s3.amazonaws.com - throws an error

s3.amazonaws.com/mybucket - works fine