If I have an app on facebook that's pulling the content from http://example.com for instance, is there a way I can stop people visting the example.com site and instead redirect them to the facebook app page?
Facebook is sending a POST variable called signed_request when the page is opened within a Fan Page Tab or the Canvas page of your App. Simply check if the POST variable is there and redirect to your App's Canvas page if not ;-)
Here you can read a bit how the signed_request is used inside an App.
Kalvin is close. Props to Kalvin :)
Setup your website to default to index.html
Move the real content of your site from index.html to index-fb.html
In index.html then place either the meta tag for redirection or just javascript for location.href='' script for redirection. The url to redirect to will be in the https://apps.facebook.com/{yourappname} format.
In facebook, update the app settings canvas app url from http://example.com to http://example.com/index-fb.html
1) Pull your content from your website from a subfolder
2) Redirect them from the index.html using a meta tag:
http://www.web-source.net/html_redirect.htm
A better way would be to check if the content is being displayed inside facebook and then redirect but I have no idea how to do that
Edit the .htaccess or conf.d file on your Apache web server (or the rewrite rules in IIS) to give a 301 Permenant Redirect.
Assuming you have Apache:
1.) Log into the box using ssh or some terminal emmulation program
2.) cd /etc/httpd/conf.d
3.) Locate the the configuration file for your site, edit it using vi, emacs, nano, or some text editor
4.) See here on how to write the rewrite rule.
Related
I am working on ponds site and want to open the below mentioned url: www.ponds.co.id/Products/Category/Whitening-2.aspx
But this page is always redirected to default page : www.ponds.co.id.
How can i stop this redirection in dnn?
Thanks,
#John - Without some more info this is a bit hard to diagnose. Things I would check:
That the page settings does not have a redirect to the home
That the page allows visitors (i.e. security is not restricting them)
That you are not getting some errors in the event viewer that would explain it.
i have javascript game on my facebook tab.
When user is done with the game, it has option to submit his name and so on - it's done by clicking on a link that leads to same domain, even same folder where my app is located, it's just different file with form.
But I'm getting Refused to display document because display forbidden by X-Frame-Options in every browser except google chrome.
What m'i doing wrong ?
Adding:
Header always unset X-Frame-Options
to my the top of my .htaccess file helped me fix this issue on a shared hosting site where a Facebook Page Tab APP was located.
I have a web site already integrated with Facebook login, using server-side authentication.
I have an issue to turn it into an application running under Facebook.
The problem is that Facebook does not show the authentication page at all
Therefore, I am not even getting to the server authentication process for real.
Right now, the application is running on my local machine.
My app is defined as Facebook Application: (adding blank before localhost for site security purpose only)
Canvas URL: http ://localhost:4300/fbopt/
Secure canvas URL: https ://localhost:4303/fbopt/"
[same problem happens when running in a Sandbox, without Secure URL]
I have a "fan page" with "Go to App" button there.
Pressing a button leads me to the URL:
https://apps.facebook.com/[appid]/?fb_source=timeline
The browser starts loading the page with the frames.
The lower frames makes the POST request to the URL I provided.
My application redirects the page to the following URL:
https://www.facebook.com/dialog/oauth?client_id=[appid]&redirect_uri=https://localhost:4303/fbopt/hook&scope=email,user_location,user_birthday
I would expect Facebook to show up the application authentication form, with the permissions required.
Unfortunately, this does not happen. An empty page is shown within the frame, HTML is empty!
I see (from the Chrome network debugger) that the URL is indeed accessed, but the response is with HTTP 200 status (not error), but no response data. Instead, getting
X-Frame-Options: DENY
response header - rendering denied within frame! Why?
When loading the URL above "manually" outside the Facebook frames structure, I do get the authentication screen with the right permissions.
I wonder what is missing to get it work with canvas.
Any hint on what I should add, or how to debug such a problem - will be appreciated.
Thanks ,
Max
Looks like me fundamental problem was that I was trying to redirect the whole page, instead of making a frame redirection.
Started here:
Blank Canvas => 'Refused to display document because display forbidden by X-Frame-Options.'
Went here:
https://developers.facebook.com/docs/howtos/login/login-for-canvas/
It says:
Because your application is being loaded in an iframe, returning a 302 to redirect the user to the Login Dialog will be unsuccessful. Instead you must redirect by setting the Javascript window.top.location property, which causes the parent window to redirect to the Login Dialog URL
This was probably my major mistake.
Max
Do you have iframe in your app? Sending X-Frame-Options with content DENY is Facebook's way to fight with clickjacking. More info:
http://darklaunch.com/2010/11/09/facebook-s-anti-clickjacking-techniques
adding an iframe to facebook does not work anymore since ~2 weeks
I've had the same issue. 302 Redirect works because I use a lot of those but you cannot redirect to a facebook domain for any reason. If you want you can do a top redirect via javascript. What I did is I created an html that accepts a url and it loads it in top.location then redirects back to apps.facebook.com. With X-frame most probably because you have a AntiForgeryToken (if using .net) because this would insert xframe sameorigin in the header. You can disable this with
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
I have an application running in an iFrame that is embedded in a SharePoint site. The problem with this is navigation within the application does not result in a change in the SharePoint site URL. Therefore, if you were to refresh the overall page, you would be sent back to the default page of the application, not stay on the same page of the application. The reason this is an issue is sharing for social media. I have added a Facebook Share button to the application, but when it pulls the URL of the application which does not match or reference the URL of the overall site, so it just shares the application (which is not visually appealing and does not allow you to access the rest of the site).
Any body have any suggestions or know a place I can go for help? Thanks!
If I understand properly, the Facebook stuff is INSIDE the iframe?
If so, you can:
* Remove the iframe and integrate the application better with SharePoint, or
* Change the application so that it detects that it's running "alone" (with javascript etc), and if so redirect to the "big" application.
IF the Facebook stuff is in SharePoint, OUTSIDE of the iframe, you can write some javascript to update the URL in some way that matches the URL of the application. This requires that the SharePoint parent application and the iframe application run in the same domain - if they are not, this is not an option.
Note that changing the "parent" URL with JS will reload the page, UNLESS you only change the URL after the "#" part (so you can do something like:
"http://sharepoint/iframe.aspx?aa=11&bb=22#iframeUrl=http://uglyapplication/"
You'll also probably want to write JS to update your iframe accordingly if the user press "back"/"forward" etc in the browser, because changing the URL like above will still add a "step" to the browser history.
I'm working on a Facebook app tab and would like to use the signed request bundle as documented here:
http://developers.facebook.com/blog/post/462/
I'm trying to use their example code to unpackage the signed request which is supposedly passed to the tab, however, $_POST, $_GET, and $_REQUEST are always all empty.
The exact code works on the canvas page and I am able to parse the signed request.
Is there something that I'm missing in their recent announcement?
By the way, the app is not published to the marketplace, and the fanpage my tab is installed on is private. Will that make a difference?
-Seth
Okay, figured it out!
When configuring the app, I had filled in the "Tab URL" to be "tab/"
This made the full url to the tab page "http://www.example.com/myfacebookapp/tab/"
This made sense to me.
Apparently, Facebook doesn't like this. After changing my "Tab URL" to 'tab/index.php", the signed request started to show up in the app tab!
Essentially, the problem is that your webserver is performing a redirect when it receives the request. In your case, it's redirecting from http://www.example.com/myfacebookapp/tab/ to http://www.example.com/myfacebookapp/tab/index.php; in my case it was redirecting from http://www.example.com/myfacebookapp/tab to http://www.example.com/myfacebookapp/tab/ (my app is built in .Net MVC, so has no filenames, but needs that trailing slash, apparently).
So the canonical solution is to make sure that the path in the Tab URL field is the actual URL, not one that the webserver will redirect to. If the webserver has to make a redirect, then the real page is fetched by GET (not POST) and no signed_request postdata is provided to your script.
Very frustrating; I just spend an hour and a half debugging why my test app worked and the production one didn't. To make things worse, I knew this answer, it just didn't register that this was what the problem was. Very irritating!
Thanks Seth I was having the same problem. I could get a signed request on the app canvas page but not of my page tab. For clarification
go to www.facebook.com/developers/
click on edit settings for your app
click the Facebook Integration tab
at the bottom in the Page Tabs section in the Tab URL field enter in the path to the index.php page for your facebook landing page
ex. if your page is located at www.foobar.com/facebook/tab/index.php you need to put "tab/index.php" (without the quotes) rather than just "tab/"
Been trying to figure this out for days!
I found a solution:
Just put a "/" at the end of the tab url.
Like: "http://domain.us/facebook/tab/"
It worked for me, let us know if it also works for you!
Once you are Authenticate with Application you will get the signed_request data,
Authenticated as like in the below URLs
https://developers.facebook.com/docs/authentication/
https://developers.facebook.com/docs/reference/javascript/FB.login/