I have page with HTTPS and I need to use Live Stream Box on it . I used iFrame (code below) . But when user loges in it the popup goes to after login http://www.facebook.com/popup_closer.php which users http so has permission issue as I use https in iframe src.
If I use same think with http it works but fine in FF and Chrome but IE gets issue with http shown under HTTPS .How do I get this working ?
<iframe src="https://www.facebook.com/plugins/live_stream_box.php?always_post_to_friends=false&height=600&width=490&xid=1&app_id={my_app_id}" width="490" height="600" scrolling="yes"></iframe>
Really need a help in this matter .
Found out that its a bug with facebook .
Submitted a bug here http://bugs.developers.facebook.net/show_bug.cgi?id=17422
Related
I have a web site already integrated with Facebook login, using server-side authentication.
I have an issue to turn it into an application running under Facebook.
The problem is that Facebook does not show the authentication page at all
Therefore, I am not even getting to the server authentication process for real.
Right now, the application is running on my local machine.
My app is defined as Facebook Application: (adding blank before localhost for site security purpose only)
Canvas URL: http ://localhost:4300/fbopt/
Secure canvas URL: https ://localhost:4303/fbopt/"
[same problem happens when running in a Sandbox, without Secure URL]
I have a "fan page" with "Go to App" button there.
Pressing a button leads me to the URL:
https://apps.facebook.com/[appid]/?fb_source=timeline
The browser starts loading the page with the frames.
The lower frames makes the POST request to the URL I provided.
My application redirects the page to the following URL:
https://www.facebook.com/dialog/oauth?client_id=[appid]&redirect_uri=https://localhost:4303/fbopt/hook&scope=email,user_location,user_birthday
I would expect Facebook to show up the application authentication form, with the permissions required.
Unfortunately, this does not happen. An empty page is shown within the frame, HTML is empty!
I see (from the Chrome network debugger) that the URL is indeed accessed, but the response is with HTTP 200 status (not error), but no response data. Instead, getting
X-Frame-Options: DENY
response header - rendering denied within frame! Why?
When loading the URL above "manually" outside the Facebook frames structure, I do get the authentication screen with the right permissions.
I wonder what is missing to get it work with canvas.
Any hint on what I should add, or how to debug such a problem - will be appreciated.
Thanks ,
Max
Looks like me fundamental problem was that I was trying to redirect the whole page, instead of making a frame redirection.
Started here:
Blank Canvas => 'Refused to display document because display forbidden by X-Frame-Options.'
Went here:
https://developers.facebook.com/docs/howtos/login/login-for-canvas/
It says:
Because your application is being loaded in an iframe, returning a 302 to redirect the user to the Login Dialog will be unsuccessful. Instead you must redirect by setting the Javascript window.top.location property, which causes the parent window to redirect to the Login Dialog URL
This was probably my major mistake.
Max
Do you have iframe in your app? Sending X-Frame-Options with content DENY is Facebook's way to fight with clickjacking. More info:
http://darklaunch.com/2010/11/09/facebook-s-anti-clickjacking-techniques
adding an iframe to facebook does not work anymore since ~2 weeks
I've had the same issue. 302 Redirect works because I use a lot of those but you cannot redirect to a facebook domain for any reason. If you want you can do a top redirect via javascript. What I did is I created an html that accepts a url and it loads it in top.location then redirects back to apps.facebook.com. With X-frame most probably because you have a AntiForgeryToken (if using .net) because this would insert xframe sameorigin in the header. You can disable this with
AntiForgeryConfig.SuppressXFrameOptionsHeader = true;
For some reason my application has decided to stop loading page tabs when using HTTPS. I do use SSL certificate on my server, the Facebook canvas page even loads using HTTPS;
https://apps.facebook.com/myflashstore
But the Page tab only loads using HTTP even though for a long time it was working with HTTPS just fine.
http://www.facebook.com/trubeats/app_79482449955
https://www.facebook.com/trubeats/app_79482449955
In the app settings, the Secure Page Tab URL is the same as the Page Tab URL so there shouldn't be an issue. Anyone have any ideas? Help is much appreciated
I found the solution. The Secure Page Tab URL was a relative URL, relative to my Canvas URL - while it worked fine ever since I made the app, and worked fine for HTTP requests, for some reason the Secure Page Tab URL now wanted a full URL. Thanks Facebook for continually changing things...makes life much easier for us!
I know this kind of question are asked all the time,
I've mannaged to deal with all the https problems and all that..
but my problem now is when a user click on the app tab in my page, and their secure browsing option is disabled, they automatically redirected to the http url insted of the https. (my app can only work throu https).
I tried not putting anything in Page Tab URL: in the app settings as well as putting the https url there, but they both wont work...
how can I make my tab to default redirect to https url??
p.s.
I've also tried redirecting by code like this:
if($_SERVER['HTTPS']!=”on”)
{
$redirect= “https://”.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
header(“Location:$redirect”);
}
and also like that:
if (!$_SERVER['HTTPS']) {
header("HTTP/1.1 301 Moved Permanently");
header('Location: https://[myappurl]');
exit;
}
but it did not work
update: problem solved
I needed to fill up the app on facebook section on my application setting in facebook developer. I'm not sure why, but it worked.
my app can only work throu https
You mean, will only “work” (in a sense of “only than can I guarantee the safety of user’s data”), or is only accessible via HTTPS?
how can I make my tab to default redirect to https url??
The user chose to browser facebook.com over HTTP, so Facebook will load the HTTP version of your app into the iframe. So unless you have at least one page of your app that is accessible via HTTP only – you can’t. If you do have such a page, redirect to the HTTPS version using JavaScript, top.location.href = "https://www.facebook.com/…"
Got this really weird problem when loading https pages into my facebook app (when the app is running as http://apps.facebook.com/xxxxx).
If i do declare wether its http or https using.
FB._https = (window.location.protocol === 'https:');
On my https pages the facebook javascript api fails silently or atleast the setSize function. When loading http pages into the iframe it works fine.
If i do not declare if its https or not i get a security warning in IE, in all other browsers it works fines.
If i set my settings to run the app as https and all my pages are in https then it works fine.
But the thing is that if a user runs facebook on http, then i must be able to display some pages as https in the iframe, anyone had any similar problem?
Similar problem here - I put together a proof-of-concept for testing. This has been filed as a bug and is apparently being looked at. It might help if you go and +1 the bug report.
If someone is using facebook on http and they visit your app which is set up for https, they will just see the https page. Or you can set up a http canvas page as well as your https one. You don't need to put in any of those workarounds..
i am trying to put a like button on a page in a chrome extension that i've developed.
i use the simple XFBML version:
<fb:like href="http://www.mydomain.com/page?param=1&otherparam=2" send="false" layout="standard" width="400" show_faces="false" font="arial" ref="chrome_notification"></fb:like>
and of course i use the JavaScript SDK.
when i upload this page into my webserver, everything works just fine.
but when i run this page within my chrome extension, the like button itself works just fine, but the comment popup doesn't show.
in addition - i get these error masseges in the console:
Unsafe JavaScript attempt to access frame with URL chrome-extension://eindnjdghfmigkecgibjclhdnadlnbhm/../mypage.html from frame with URL https://www.facebook.com/plugins/like.php?api_key=&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d383d278%26origin%3Dchrome-extension%253A%252F%252Feindnjdghfmigkecgibjclhdnadlnbhm%252Ff44dd2768%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=arial&href=http%3A%2F%2Fwww.mydomain.com%2F%3Fparam%3D1%26otherparam%3D2&layout=button_count&locale=en_US&node_type=link&ref=chrome_notification&sdk=joey&send=false&show_faces=false&width=400. Domains, protocols and ports must match.
and -
Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/plugins/like.php?api_key=158698534219579&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3d383d278%26origin%3Dchrome-extension%253A%252F%252Feindnjdghfmigkecgibjclhdnadlnbhm%252Ff44dd2768%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&font=arial&href=http%3A%2F%2Fwww.mydomain.com%2F%3Fparam%3D1%26otherparam%3D2&layout=button_count&locale=en_US&node_type=link&ref=chrome_notification&sdk=joey&send=false&show_faces=false&width=400 from frame with URL http://www.facebook.com/plugins/comment_widget_shell.php?api_key=&locale=en_US&master_frame_name=f38cd100f8&sdk=joey. Domains, protocols and ports must match.
can anyone help me to find a solution for this?
Could it possibly by related to this known Facebook bug?
http://developers.facebook.com/bugs/293075054049400
Basically, one gets this behavior if secure browsing is enabled on the Facebook user's account.