Is there a way to process the FB.init function within plain java code ?
I have added an inline frame based up, that sends a signed_request param to my server.
The signed_request already covers a good bunch of information.
Due to the fact, that the session_key and the secret are required, I have to display the Facebook login button and let the user click it in order to set the fbs_ cookie.
Any idea how to get completely rid of the login button ?
Java is a server-side programming language, while JavaScript is client-side. Therefore, if you intend to use the FB JavaScript library, you need to embed this in your webpage. This is pretty straightforward with frameworks like Wicket for instance. However, no matter you embed the JavaScript at server side, it'll get executed when it gets downloaded and invoked in the user's browser.
Related
I'm basically looking at a security problem between a parent page and an iframe with links to a third party.
I want to send a POST or a GET (doesn't matter which as I can control the other side) to the third party, but not expose any details within it (say a SID or a user token) and have it's HTML content (JS/HTML/Images) loaded into the iframe.
I've looked at server-side redirects, creating a proxy using webclinet/webresponse and am curious to whether there is a good way to do it.
Has anyone ever done this before, or think that the secrity is not possible? Hell, even if I'm barking up the wrong tree on how to solve this.
If anybody has any examples on this it would be greatly appreciated.
Cheers,
Jamie
[Edit] Was thinking I might need to add some more details.
Say I have a parent page: https://mycompany.com/ShowThirdParty.
This has an iframe in it at the moment which will have the content of another component (also owned by me, or another team more specifically)
Basically I'd like to send some credentials to content in the iframe in such a way that the external pages can't read it, the iframe is put into a modal (I've done that) and the iframe has the restricted content with the auhtentication almost seamless and invisible.
I currently have it working as a GET url generated dynamically via JS and then passed into the iframe src parameter, obviously that isn't secure.
I kind of want some kind of server side redirect across a full url, but I don't even think that's possible.
You could try using AJAX and load a PHP script (with any parameters to the script encoded/encrypted) to query the 3rd party page and load the response into the iframe. Not really sure how your code is setup but there should be a way.
It can also be done by POST Method (submit the data to iFrame using POST) as it is HTTPS so the data you send to iFrame is encryped.
I'm just new to Zend Framework. Currently what I'm trying to do is when user access my website
they will first see a select box with two language such as english and germany to choose.
Only when they make a selection, the browser will redirect them to the index controller of that specific language page.
So my question is how to make a select box in bootstrap file or any kind of possible ways to do that and how to redirect user after that? Any solution will be much appreciated!
Don't ever use bootstrap file (and I'm talking about both Bootstrap.php and index.php) for this kind of operations. First, it just won't work the way you ask; second, you'll mess your app's structure big time.
Instead you may use one of the following approaches:
1) add some predispatch hook that will check whether the choice has already been made by checking the user's cookies. If it is, proceed with request as usual (probably setting some Zend_Registry lang variable to be used later), if not, redirect for the language choosing page; the latter should store the choice made in cookies.
2) implement a simple rule in your Router/mod_rewrite: when the requested URL contains 'the language part' (http://example.com/lang/xx/... or just http://example.com/xx/...), it automatically uses this part so set the lang param. If not, the request is automatically redirected to the language choosing page. The latter, in turn, leads the user to a language-specific page, where all the links are made language-specific.
The latter approach is inferior, in my opinion, as user will have to use a language-tuned gateway all the time. But you don't have to store this info in cookies.
You could make a plugin that use the preDispatch event to look if the language has been chosen (e.g stored in cookie or session) and redirect to the landing page if not.
Look here zend framework plug-in - predispatch()
and the ZF's action plugin documentation.
That's what I do to force login in my app.
Now in your position what I would really do would be detecting the language of the user with a fallback to English and a switch widget somewhere in your navbar.
As per the Authentication Documentation, I'm directing my user's to the following URL to initiate the authentication flow:
https://www.facebook.com/dialog/oauth?client_id=251747341532139&redirect_uri=https://www.facebook.com/connect/login_success.html
However, instead of the login page looking like:
... (i.e. like it does in the documentation and in other Apps I've created and used), it looks like this...
Does anyone know why?
I've tracked the redirects that the page makes, and it's as follows:
https://www.facebook.com/dialog/oauth?client_id=251747341532139&redirect_uri=https://www.facebook.com/connect/login_success.html
https://www.facebook.com/connect/uiserver.php?app_id=251747341532139&method=permissions.request&display=page&next=https://www.facebook.com/connect/login_success.html&response_type=code&fbconnect=1
https://www.facebook.com/login.php?api_key=251747341532139&skip_api_login=1&display=page&cancel_url=https://www.facebook.com/connect/login_success.html?error_reason=user_denied&error=access_denied&error_description=The+user+denied+your+request.&fbconnect=1&next=https://www.facebook.com/connect/uiserver.php?method=permissions.request&app_id=251747341532139&display=page&redirect_uri=https%253A%252F%252Fwww.facebook.com%252Fconnect%252Flogin_success.html&response_type=code&fbconnect=1&from_login=1&rcount=1
Application type is set to Native/Desktop, and I've set the App Integration to "Website".
If the language I'm using makes any difference, I'm using C#, and setting the Url of System.Windows.Form.WebBrowser.
As per the above comments, you can use the display parameter in the URL to control which kind of dialog to show, as you would normally do with the JS SDK.
Your URL becomes:
https://www.facebook.com/dialog/oauth?client_id=xx&redirect_uri=yy&display=popup
Upon install of my app on a Facebook Page, I'd like to send the user to an URL with further instructions. I'm starting the installation with http://facebook.com/add.php?api_key=app_api_key&page=page_id, which installs but redirects the user to the Facebook Page itself. It seems like various forms of redirect were available at some point:
Post-authorize callback URL. I can no longer find that in App settings.
The next parameter for add.php. I can't seem to get this to work
I have seen some apps that do redirect upon install, so I believe this is possible. Maybe it's using an old Post-authorize setting that's no longer visible?
Any help or point would be greatly appreciated! I'm also not attached to using add.php, if there's a Facebook Connect method that does this I'd use that instead (I'm looking at profile.addtab though that doesn't seem to work either).
You can set the redirect URL in the app properties. You can no longer set it from the developer control panel in Facebook, but you can still set it using the REST api.
The list of app properties is here: http://developers.facebook.com/docs/appproperties/
To set the "post_authorize_redirect_url" you would use something like this:
https://api.facebook.com/method/admin.setAppProperties?
access_token=CURRENTTOKEN&
properties={'post_authorize_redirect_url':'http://mydomain.com/post_authorize_folder/'}
I am not completely clear on this, but I believe the url needs to point to a folder, terminated with "/" rather than a specific file.
The callback gets two parameters:
installed = 1 (true)
fb_page_id = the page id when your app was installed
First page that Canvas is point to should have
< script type='text/javascript'>top.location.href = 'REDIRECT-URL';< /script>
So when your app is opened it will automaticaly redirect to REDIRECT-URL
I'm not sure that you can avoid opening of application canvas page after installing application.
Are you able to send php variables to a application in a tab (in facebook)?
I have built a system which sends a wall post to a friend, which includes a link with a php variable in it. This variable needs to be processed by the app, but I cant work out how to (or if I can) do this.
Yes, you can pass URL Parameters to an iFrame Tab App.
Pass the parameter: http://www.facebook.com/MyPage?sk=MyApp&app_data=any_string_here
Receive the parameter: $app_data = $signed_request["app_data"];
See more:
http://forum.developers.facebook.net/viewtopic.php?id=92661
I think this is a duplicate of the following question:
Facebook Application Tab -> External Linking with PHP
It does not seem to be possible to pass URL parameters into a Facebook application that is in a Tab. You can do it on the Application page however.
Edit: as per the answer below, this behaviour has changed. Details here: http://forum.developers.facebook.net/viewtopic.php?id=92661