Facebook iFrame canvas app PHP sessions issue - facebook

I've been working on a problem for the last day and a half now and have still yet to find a solution.
When visiting my game on facebook (which is in facebook's iFrame) php sessions don't work. This is for IE and Safari. Chrome works fine.
I've already read all the posts on stack about this problem, which seems to be down to third party cookie security and needing interaction with the iFrame first. There was a workaround by making javascript post some form data to the iFrame first, but this seems to have been 'fixed' in the latest versions of the browsers very recently as this no longer works.
I even tried implementing a start page that would require them to click a link first (in the iFrame) to load another page which would then create the session. But even THAT doesn't work.
I'm also having trouble even loading new pages in the iFrame using javascript, which seems to always cause infinite loop refreshes.
And no, P3P headers do NOT solve it.
Does anyone have a solution to this problem? I can't be the only one with it, considering how many facebook apps exist!

I came across this problem using a client that had "Accept third party cookies" disabled. My solution was to force PHP to embed the session ID into the URI by putting this line at the start of each page:
ini_set('session.use_trans_sid', true);
As the URLs are in an iframe within Facebook, the SID is not seen in the top window.
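With session.use_trans_sid the session ID travels in every URL, so it also lands in access logs, Referer headers and any link a user copies. The following is an added example, not code from the original answer: it scans access-log lines for a session ID in the request URI and reports IDs presented by more than one client address. The log lines are constructed, and PHPSESSID assumes PHP's default session name.

```javascript
// Constructed access-log lines (combined log format); hosts, IPs and IDs are made up.
const SAMPLE_LOG = [
  '203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /game.php?PHPSESSID=aaa111 HTTP/1.1" 200 512 "http://apps.facebook.com/mygame/" "Mozilla/5.0"',
  '203.0.113.5 - - [10/Oct/2011:13:56:02 +0000] "GET /shop.php?item=3&PHPSESSID=aaa111 HTTP/1.1" 200 734 "http://game.example/game.php?PHPSESSID=aaa111" "Mozilla/5.0"',
  '198.51.100.9 - - [10/Oct/2011:14:20:41 +0000] "GET /game.php?PHPSESSID=aaa111 HTTP/1.1" 200 512 "-" "curl/7.21"',
  '192.0.2.44 - - [10/Oct/2011:14:21:00 +0000] "GET /game.php?PHPSESSID=bbb222 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
];

// Client address and request URI of one combined-log line.
const LINE = /^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} /;
// Session ID carried in the query string (assumed default name PHPSESSID).
const SID = /[?&;]PHPSESSID=([A-Za-z0-9,-]+)/;

// Map each session ID seen in a request URI to the set of client IPs that sent it.
function sessionClients(lines) {
  const clients = new Map();
  for (const line of lines) {
    const m = LINE.exec(line);
    if (!m) continue;                 // not a log line we understand
    const sid = SID.exec(m[2]);
    if (!sid) continue;               // request carried no session ID in the URI
    if (!clients.has(sid[1])) clients.set(sid[1], new Set());
    clients.get(sid[1]).add(m[1]);
  }
  return clients;
}

// Session IDs presented by more than one client address: candidates for a
// leaked or shared URL that should be reviewed and invalidated.
function sharedSessionIds(lines) {
  return [...sessionClients(lines)]
    .filter(([, ips]) => ips.size > 1)
    .map(([sid]) => sid)
    .sort();
}
```

A hit is a candidate only: clients behind changing addresses produce the same pattern, so pair the report with the user agent and timing before acting on it.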

For IE, you will need the P3P Headers set. Something like:
<?php header('P3P: CP="CAO PSA OUR"'); ?>
Safari blocks 3rd-party cookies by default. Currently, the only work-around that is working for me is to "pop-up" a new window to set the cookies. I have something like this:
<script type="text/javascript">
function safariFix(){
if (navigator.userAgent.indexOf('Safari') != -1 && navigator.userAgent.indexOf('Chrome') == -1){
window.open('https://yourdomainname.com/safari.php', 'Safari Fix','width=100,height=100');
}
}
</script>
And safari.php will have this:
<?php
setcookie("safari_test", "1");
?>
<!DOCTYPE html>
<html lang="en">
<head>
<title>Safari Fix</title>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
</head>
<script type="text/javascript">
$(document).ready(function(){
window.close();
});
</script>
<body>
Since Safari does not accept third-party cookies by default, we are forced to open this window.
This window will automatically close once we have set the cookies.
</body>
</html>
PROBLEM: This won't work if users have "block pop-ups" enabled in Safari. If anyone has a better solution for this, inform me ;)

Related

Redirecting from htm

My client has an old website on freeserve.co.uk (dodgy and free, now belongs to Orange but no support). I want to redirect all pages on the old site to newdomain/index.php. The index page on the old site is index.htm, however most other pages are .html.
Whatever I try the 301 redirect doesn't seem to work. Has anyone come across freeserve before?

You want to redirect the user when they load the page, here are some examples.
Here's the main example
<head>
<script type="text/javascript">
<!--
window.location="http://www.newlocation.com";
//-->
</script>
</head>
but there are a few other options depending what behaviour you're after.

FB.login dialog does not close on Google Chrome

I'm calling FB.login() on a click event in my application. The dialog pops up as expected, but when the user is done logging into Facebook (and/or authorizing the app), the dialog does not close. Instead it loads a white page (inside the dialog) and the title changes to XD Proxy.
This only happens on Google Chrome (I'm using the latest version available right now for Windows 7).
This doesn't happen if Chrome is in Incognito mode.
The fb-login 'social plugin' works fine on Chrome.
To test/debug this further, I created a new Facebook App with vanilla settings. The only change I made was set the Site URL in the app settings. Here's HTML code that you can use to recreate this bug.
Sample Code for recreating issue
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Chrome Bug Test</title>
</head>
<body>
<button onclick="dologin()">Login using Facebook</button>
<div id="fb-root"></div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<script>
FB.init({
appId : '[YOUR APP ID HERE]',
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
</script>
<script type="text/javascript">
function dologin(){
FB.login(function(r){
if(console && console.log) {
console.log(r);
}
});
}
</script>
</body>
</html>
Facebook Settings that I've tried changing
Setting a site domain, didn't change anything.
Using a custom channelUrl and channel file, didn't help either.
Related bugs tracked at Facebook
http://bugs.developers.facebook.net/show_bug.cgi?id=14789
https://github.com/facebook/connect-js/issues/269
http://bugs.developers.facebook.net/show_bug.cgi?id=12112
http://developers.facebook.com/bugs/278247488872084
Related issues here on Stack Overflow
Blank popup with FB connect
facebook connect blank pop up on chrome
Facebook Connect Login redirecting in Chrome and Safari
https://stackoverflow.com/questions/4423718/blank-page-with-fb-connect-js-sdk-on-after-permission-request
Facebook connect showing blank popup on login in Internet explorer 8
Facebook login popup window stays open when using Fb.login in IE
JS SDK FB.login() works but pop-up dialog is staying open after logged in
Facebook login hangs at "XD Proxy" when page is installed via Chrome Web Store
XD Proxy Facebook
XD_Proxy popup won't close
I've seen many people come across this, but what bugs me is that I haven't been able to find a concrete fix for this. Facebook hasn't responded to bug reports yet. One solution would be to get rid of the JavaScript-based authentication code and do it solely using a server-side mechanism (Facebook PHP SDK). I'd like to avoid that due to time constraints.
Anyone have any ideas how to fix this?

I got a similar call to FB.login() to close the dialog box by changing
onclick="dologin()"
to
onclick="dologin(); return false;"

Given the age of this post, I am guessing that the poster has solved this; however, given that this is also a resource for others searching to resolve similar issues, I thought that I would include my experience just in case.
I found out that what was causing this same issue symptom for me was accidentally forgetting to include event.preventDefault(); in my "click" listener handler in jQuery. The facebook login dialog was popping up and allowing me to log in but not disappearing. The issue was that the website was performing the default form post action, which was interfering with the facebook call-back function.

I had the same exact problem. I did two things, first I added this line right before the FB.init() call:
FB.Flash.hasMinVersion = function () { return false; };
Then I went into the FB app page and added the Site Domain (i.e. test.com).
I think the site domain setting was the key, but I am not 100% positive. All I know is that it seems to always close now in all browsers including Chrome.

Short answer relating to question above:
Load the all.js script over https.
<script src="https://connect.facebook.net/en_US/all.js"></script>
Longer answer if you are troubleshooting a similar issue to the original question:
Use Google Chrome to attempt the login. Once you have logged in and have the blank pop-up window hanging up on the screen, press F12. This brings up the developer tools for Chrome. Click the Console tab, and you will hopefully see the error. What you will likely see is related to XD (cross-domain) issues.
Even if your particular issue is different from the issue I was having, the above should lead you in the right direction.
My issue/solution was specific to the Facebook C# SDK v6 documentation - the tutorial code loads the all.js script using a URL that begins with // - which then loads the script from the same scheme as my site (which was http). After I logged in, the pop-up tried to redirect me back from the https Facebook login to my http site and bingo, we have the XD issue. The solution was to specifically load the scripts from https://connect.facebook.net/en_US/all.js as follows:
// Load the SDK Asynchronously
(function(d){
var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
if (d.getElementById(id)) {return;}
js = d.createElement('script'); js.id = id; js.async = true;
js.src = "https://connect.facebook.net/en_US/all.js";
ref.parentNode.insertBefore(js, ref);
}(document));
Edit:
After some consideration, this approach of allowing a redirect to http might compromise the security of the system by allowing the data in that request to be read by someone else and then to be re-used. I couldn't find any relevant documentation or examples and so I could not conclude one way or another, YMMV.

Calling this snippet after FB.init fixed the issue for me. But other solutions seem to have worked for different cases.
$.browser.chrome = /chrome/.test(navigator.userAgent.toLowerCase());
if ($.browser.chrome || $.browser.msie) {
FB.XD._origin = window.location.protocol + "//" + document.domain + "/" + FB.guid();
FB.XD.Flash.init();
FB.XD._transport = "flash";
} else if ($.browser.opera) {
FB.XD._transport = "fragment";
FB.XD.Fragment._channelUrl = window.location.protocol + "//" + window.location.host + "/";
}

I've been experiencing the same issue in IE9, and it seemed to stem from upgrading to Flash Player 10. The answers suggested already did not work for me and I'd lost hope in trying to fix it since finding an open bug at Facebook covering it. But Henson has posted an answer on a similar question that fixed it for me. In the JavaScript in my site master I removed these lines
FB.UIServer.setLoadedNode = function (a, b) {
//HACK: http://bugs.developers.facebook.net/show_bug.cgi?id=20168
FB.UIServer._loadedNodes[a.id] = b;
};
and now it works. (N.B. I have not checked to see if the IE8 issue those lines were intended to overcome returns.)

Facebook IFrame on page canvas?

Hey guys, I have developed a small site that I would like to embed into a tab on a Facebook page.
Previously I used this code to load in an iframe, it worked great:
<a onClick="outside_location.setInnerFBML(link_1);" style="cursor: pointer;">Link 1</a> | <a class="red" onClick="outside_location.setInnerFBML(link_2);" style="cursor: pointer;">Link 2</a>
<div id="outside_location"></div>
<fb:js-string var="link_1"><fb:iframe width="760" height="1280" frameborder='0' src='http://www.WebWhispers.in' /></fb:js-string>
<fb:js-string var="link_2"><fb:iframe width="760" height="1280" frameborder='0' src='http://google.com/' /></fb:js-string>
<script type="text/javascript" charset="utf-8">
var outside_location = document.getElementById('outside_location');
</script>
However, it has stopped working. I don't think Facebook allows iframe inside of pages, only applications.
How can I load this page in without learning FBML? The site uses jQuery so I can't use FBML anyway.
I know applications can use iFrames, can I make it an application and then embed the application into a page tab somehow?

No. Tab pages can not contain iFrames. They must be written using FBML and FBJS.
One reason for this is that Facebook does not want to enable Tab pages to detect who looks at them. All requests (including images) on tab pages are proxied through Facebook for this reason. If iframes were allowed then the application would be able to detect who looked at it, which would present a privacy issue for Facebook users.

This is either a policy change by Facebook or, more likely, a bug. I say it's unlikely to be a policy change as it throws a script error, whereas a policy change would more likely strip the code out before it's rendered.
There's a bug report you can add votes to and follow here.

Facebook Connect FBML not rendering HTML?

As I understand it, Facebook's FBML should render html. But mine isn't. Here is my source code after viewing the page in the browser:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2008/fbml">
<head id="Head1" runat="server"> <title>test</title>
</head>
<body onload="initFB();">
<script src="http://static.new.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php"
type="text/javascript"></script>
<fb:login-button v="2" size="medium" onlogin="window.location='test.aspx'">Login with your Facebook account</fb:login-button>
<script type="text/javascript" language="text/javascript">
function initFB() {
FB_RequireFeatures(["XFBML"], function(){
FB.init("464 ... my api key here ... b62", "xd_receiver.htm");
});}
</script>
</body>
</html>
Here's the page: http://www.rebelstudent.com/test.aspx
Could it be the server? Is there any chance that my host is blocking communication with Facebook somehow? Doesn't make sense because the facebook connect kinda works...the popup window just doesn't go away. I'm pretty sure it's because these FBML tags aren't being rendered properly and so the "onlogin" function isn't getting called...
Anyway, I'm new at this. Any help is appreciated because the facebook developer forums seem kind of dead.

I haven't done any work on Facebook so I don't have a direct answer for you, sorry. However, have you tried starting with a "Hello World" app? Basically remove everything that is not absolutely necessary for Facebook and try to display the text "Hello World" to the screen. Remove the script, the header, fb button, etc.
If you are able to get "Hello World" working, then just add small pieces of the application back in until it breaks. Then you will know exactly what it is that is breaking the output.
If you are not able to get "Hello World" to work, then you are missing a basic requirement. Perhaps somebody else will know what that is.

Well it looks like I need to always use "www" in front of my domain. That was my issue. rebelstudent.com/test.aspx doesn't work but www.rebelstudent.com/test.aspx does. Thanks for everyone's help!

More than likely the problem is your render method for your canvas is set to an IFrame (instead of FBML).
Go here: http://www.facebook.com/developers/apps.php
Click on 'Edit Settings'
Select 'Canvas' in the left navigation
Underneath the 'Canvas Settings' heading, select 'FBML' for the 'Render Method'

FB_RequireFeatures(["XFBML"], function() {
FB.Facebook.init("key", "/xd_receiver.htm");
FB.Connect.requireSession();
FB.ensureInit(function() {
FB.Connect.showPermissionDialog("offline_access,read_stream", function(x) { alert(x); window.location = "/myAuthorizeApp"; });
});
});
It doesn't do quite the same thing as you're trying to achieve, but I found I needed to require XFBML to get the other JS functions to work properly, strange enough. Also, look into rendering XFBML server side.

Redirection loop problem at facebook iframe application

I am making an IFrame application for Facebook.
The problem is: any link inside it causes a redirect loop.
Link is: http://mydomain/mypage?fb_sig=[what I got from $_GET['fb_sig']]
(to test I link to the same page as my loaded canvas is loaded from)
when I click on it, my server returns:
<script type="text/javascript">
top.location.href = "http://www.facebook.com/login.php?api_key=5dc632fcef992470341178f492f79b93&v=1.0&next=http%3A%2F%2Fthiismydomain%2Ffacebook%2F%3Ffb_sig%3D96a5c47f133eadcfbba4abf82e5311e0%26page%3D1";
</script>
then it goes to corresponding page, and facebook returns
Location: http://thisismydomain/facebook/?fb_sig=96a5c47f133eadcfbba4abf82e5311e0&page=1&auth_token=ce4cf4968f91cace5b3e915f5b658984
then, my server replies with
<script type="text/javascript">
top.location.href = "http://www.facebook.com/login.php?api_key=5dc632fcef992470341178f492f79b93&v=1.0&next=http%3A%2F%2Fthisismydomain%2Ffacebook%2F%3Ffb_sig%3D96a5c47f133eadcfbba4abf82e5311e0%26page%3D1%26auth_token%3Dce4cf4968f91cace5b3e915f5b658984";
</script>
and back, facebook replies:
Location: http://thisismydomain/facebook/?fb_sig=96a5c47f133eadcfbba4abf82e5311e0&page=1&auth_token=ce4cf4968f91cace5b3e915f5b658984&auth_token=77df653b7949ca39c1a226c82cce8add
and it goes on and on without end.
I should say that this redirect response from my server is generated automatically (most probably by my Facebook PHP lib).
I have no more ideas why this happens. Any ideas?

I had a similar problem, where getSession() returned nothing, and thus sending me out on an infinite redirect loop. I solved it by enabling OAuth 2.0 in the settings for the application, as stated here:
http://forum.developers.facebook.net/viewtopic.php?id=64656

Ok, if you recognize the problem, here is the solution:
fb_sig is not the only param to be passed manually. Whole fb_sig* should be passed. Read more at this beautiful page http://www.foobots.net/breakouts.html
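
The fix described above (carry the whole fb_sig* set, not just fb_sig) can be applied when links are built. The following is an added example, not code from the original posts or from any Facebook library: it copies fb_sig and every fb_sig_* parameter from the current canvas request onto same-origin links only, and flags links that carry fb_sig alone, as the link in the question does. The function names, host names and parameter values are constructed for illustration.

```javascript
// Added example; host names and parameter values are constructed for illustration.
const isSigned = (name) => name === 'fb_sig' || name.startsWith('fb_sig_');

// [name, value] pairs for fb_sig and every fb_sig_* parameter of a URL.
function signedParams(url) {
  return [...new URL(url).searchParams].filter(([name]) => isSigned(name));
}

// True for a link like the one in the question: fb_sig alone, with none of
// the fb_sig_* values that accompany it on the canvas request.
function hasBareSignature(linkUrl) {
  const names = signedParams(linkUrl).map(([name]) => name);
  return names.length === 1 && names[0] === 'fb_sig';
}

// Build an in-iframe link that keeps the target's own parameters and carries
// the complete signed set from the current request.
function canvasLink(requestUrl, target) {
  const request = new URL(requestUrl);
  const link = new URL(target, request);
  // Never attach the signed values to a link that leaves our own origin.
  if (link.origin !== request.origin) return link.toString();
  // Remove stale copies so repeated navigation does not pile up duplicates.
  for (const name of [...link.searchParams.keys()]) {
    if (isSigned(name)) link.searchParams.delete(name);
  }
  for (const [name, value] of signedParams(requestUrl)) {
    link.searchParams.append(name, value);
  }
  return link.toString();
}

// Constructed canvas request as the iframe page might receive it.
const REQUEST =
  'http://app.example/facebook/?fb_sig_user=1001&fb_sig_time=1280000000&fb_sig=0123abcd&page=1';
```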