The facebook graph api (graph.api.com) resolves to 173.252.101.18 almost every time. However, in some cases the DNS result ends up in 69.171.228.44. The latter host does not respont, is not ping-able and thus, sometimes API requests fail.
A friend (which is a facebook app developer as well) confirmed this behavior with his server. Another friend's DNS simply did not resolve to 69.171.228.44, so he had no problems.
What could i do? any suggestions?
You could try to intercept the cases where it fails and retry resolving or just use a static preprogrammed IP (if you notice failure). It's just a stop-gap method but it seems to me the problem lies with facebook's (DNS) servers so a full fix of the problem at your side is difficult
Related
Note: Solved - question makes no sense, my understanding of CORS was incorrect and lead me to ask this question.
The answer is simple as pointed out by #CBroe below - CORS needs to be configured on the game server (in the example in this qestion).
I have a Facebook WebGL game that I'm wanting to host using Facebook's simple hosting (https://developers.facebook.com/docs/games/services/contenthosting/).
Is it possible to use Facebook's Simple Hosting for a WebGL game and still contact my web server (mygamedomain.com)? Is there somewhere in the FB app config to specify domains to allow?
Is the only way to get around this to serve the game from mygamedomain.com also?
I'd really like to avoid serving the game from my webserver if possible.
Any ideas or suggestions?
Not doing so will generate an error as expected:
XMLHttpRequest cannot load https://mygamedomin.com/mygame.php. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://apps-1287636812638.apps.fbsbx.com' is therefore not allowed access.
Just to be clear as there seems to be some confusion:
Game is hosted by facebook using their "Simple Hosting" service, not on my own server, .
I know CORS is the solution - the question is - does Facebook allow/support this? If so where do I configure the domains to allow.
If this was on my own server I the answer is trivial - CORS. But it's not.
There are hacks to circumvent cross-origin restrictions - I'm not looking for these. There's plenty of resources already covering these.
Edit: changed the title to more accurately reflect my question.
CORS is the solution to your problem here.
This question/the answer is not Facebook specific - the issue would be the same with any other domain serving your content, that is different from your own.
Your client-side code is hosted under the Facebook domain, and tries to make a request to your domain - that is the cross-domain part. Your domain is the party that holds the power to either allow or deny this request - by default, it would be denied, but by responding with the appropriate header, your server can signal to the browser, "yes, that's ok, he [your code running under facebook.com] is one of the good guys ..."
So you need to configure this on your server, that you want to make the request to.
I have an application that goes and gets a users messages from their facebook account, but I've hit an error.
The user in question has a thread between him and me in his inbox, however it doesn't show up in his API call to /me/inbox with his specific access_token.
I do have a valid token (it works for all other calls), and I know it should be working fine (I am opening it in my browser directly to debug, and the data just does not exist).
There is no second page to view, no limit or timestamp imposed upon it, just missing data.
For testing, we do have every single API permission offered, so I know it is not a permissions problem.
Does anyone have any idea why this could be happening, and how to fix it?
I was struggling with the same problem. I found that using the `/me/threads' endpoint delivers much more complete data.
Update:
However I found out that this endpoint is not available to non-developers for the time being:
https://developers.facebook.com/docs/reference/api/thread/
I want to delete record of those peoples who have remove app from their application's list, to do this I have entered that URL where I make a code to delete record of active user from my database in de-authorize callback. But still I'm unable to de-authorize users from by db.
Edit: See Facebook Deauthorize Callback over HTTPS for what my original problem really was. Summary: Improper web server configuration on my part.
Original answer was:
One potential problem has to do with https based deauthorize callbacks. At least some SSL certificates are not compatible with the Facebook back end servers that send the ping to the deauthorize callback. I was only able to process the data once I implemented a callback on an http based handler.
Some things to check...
That the URL of your server is visible from facebook's servers (ie not 192.168 or 10.0 unless you've got proper firewall and dns config).
Try using an anonymous surfing service and browsing to the URL you gave facebook - do you see a PHP Error?
Increase the loglevel for PHP and Apache/IIS to maximum and see if you get any more information
We can't do much more unless you give us your code...
The company I work for has recently installed a Apache staging server which uses Apache's mod_access module to prevent unwanted access to our staging environment.
One of the downsides of this is that Facebook, when trying to scrape the page for the opengraph metatags, comes up empty with the following error.
Error Scraping Page Bad response code
Which is to be expected since the scraper bumps into the authentication dialog.
My question now: is there a specific IP range that we can allow access
to the website?
We've looked at allowing certain headers, but that seems a little prone to header manipulation in order to bypass the security layer.
The access log did show one IP address, but I assume that Facebook uses multiple servers to scrape all these pages and I seem to remember reading that these IP addresses tend to change over time.
Any ideas?
Facebook has published their IP range here.
getting the error {"error":{"message":"(#100) Can only call this method on valid test users for your app","type":"OAuthException"}} whenever trying to write to any facebook end point. Reading (GET) works fine, writing (POST) fails. Does anybody know how to resolve this?
I have also opened a ticket on FB dev site:
http://developers.facebook.com/bugs/184198634991192?browse=search_4e93328871c8a3231774584
The problem does not occur is I would shoot the POST request from my browser as if I am the user.
The problem does occurs only when sending from our servers on behalf of the user from one of our dev machines which have other subdomain names instead of www (such as dev1.blablabla.com & dev2.blablabla.com, while the app is registered to www.blablabla.com).
So the question is, does facebook attempt to do a reverse DNS lookup on all write requests to verify the source?
I believe your requirement is to get the user details of the owner of Facebook access token (normally the currently logged in user)
For that you have to issue a GET request and not a POST request.
The reason why it works when fired from the browser is that when you submit a query through the address bar it is send as a GET request, and when sent from your server it is send as POST and fails producing the error message mentioned in your post.
Facebook doesn't do a reverse DNS lookup on your write request and not need to configure anything in your server related to it.
Hope the answer is clear enough for you.