I am trying to create an opensocial.DataRequest from within an iFrame running on my locahost, but the call is getting mangled.

The Request call ends up pointing to this URL:

"http://localhost/OpenSocial/opensocial/v1/OWNER/profile.JSON?opensocial_token={TOKEN}&opensocial_surface=canvas&detailtype=BASIC"

 But, of course, that won't work. Is the opensocial.DataRequest only supposed to work for MS Apps that are running ON MySpace?

The code I am using is EXACTLY what is demoed (and working) on the opensocial tool page for "Example: Hello Me"

http://developer.myspace.com/modules/apis/pages/opensocialtool.aspx

var os;
var dataReqObj;
var html = '';
var heading = '';

function init() {

    os = opensocial.Container.get();
    dataReqObj = os.newDataRequest();
    var viewerReq = os.newFetchPersonRequest(opensocial.DataRequest.PersonId.VIEWER);
    dataReqObj.add(viewerReq);

    dataReqObj.send(viewerResponse);

}

function viewerResponse(data) {
  if (data.hadError()) {
    var data2 = data.get(opensocial.DataRequest.Group.VIEWER_FRIENDS);
    alert(data2.getErrorCode() + '\n' + data2.getErrorMessage());
  } else {
    var viewer = data.get(opensocial.DataRequest.PersonId.VIEWER).getData();
    var heading = 'Hello, ' + viewer.getDisplayName();
    var thumb = viewer.getField(opensocial.Person.Field.THUMBNAIL_URL);
    var profile = viewer.getField(opensocial.Person.Field.PROFILE_URL);

    document.getElementById('heading').innerHTML = heading;
    document.getElementById('main').innerHTML = html;
    document.getElementById('loading').style.display = 'none';
  }
}

My end goal for this whole thing is to be able to verify that the ownerid being passed into my iFrame hasn't been altered by the user. I need to get the current logged in user's ID from MySpace (since I can't securely rely on the query params passed into the iFrame)

OK, so I'm using the JavaScript library and the this.endpoint_ reference in MyOpenSpace001.Core.v07.js refers to OperationModes.AUTO, which does a regex match on the URL to see where it should send the API query. This works for the MySpace dev team to test their code but doesn't work for 3rd parties.

Is there a way to override this so it points to MySpace rather than to my local box without manually munging up the MyOpenSpaceCore code?

If I change the MyOpenSpace.OperationModes.AUTO to MyOpenSpace.OperationModes.PRODUCTION on line 1668, it fails the query again ("Access to restricted URI denied"), trying to authenticate against http://api.msappspace.com.

Shouldn't I be hitting http://api.myspace.com with it?

Perhaps there's an easier way for me to call myspace with the opensocial_token and oAuth_Sig I get passed into the iFrame to fetch the current user's MySpace ID... anyone?

I am having this exact problem too. I had to manually set the MyOpenSpace.OperationModes to PRODUCTION by editing the JS file, but then I get the "Access to restricted URI denied" error trying to authenticate against http://api.msappspace.com.

Does anyone have a solution?

 i'm having the same issue. except i know for a fact that msappspace is deprecated and http://api.myspace.com is the new url. i've changed MyOpenSpace.OperationModes to PRODUCTION _AND_ modified MyOpenSpace.EndPoint.Server.Production to "http://api.myspace.com" but I'm still getting "Access to restricted URI denied"

High level - I'm trying to make a "requestSendMessage" call from an iframe. someone please help!!!! :)