1

as the title states, I am having some trouble getting the user logged in on my Facebook application.

When the user is logged out, and they click log in, the page reloads and then displays a Facebook logo with the text Go to Facebook.com below it, and when I try using the Javascript SDK, I do get the login page in a popup box, but once I press Login, the popup redirects to a XD Proxy page, where I get stuck, and I have to manually close the popup to have the callback execute.

In both cases I get this error in the Chrome console,

Error I get in console, when using the Javascript SDK:

Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/dialog/permissions.request?etcetc... from frame with URL http://subdomain.mysite.com/folder/?etcetc... Domains, protocols and ports must match.

Error I get in console, when using the PHP SDK:

Unsafe JavaScript attempt to access frame with URL http://apps.facebook.com/my_app/ from frame with URL https://www.facebook.com/login.php?etcetc... Domains, protocols and ports must match.

Here is my code,

PHP:

<?php
require 'libs/facebook/src/facebook.php';

$facebook = new Facebook(array(
  'appId'  => 'APP ID',
  'secret' => 'SECRET',
));

$user = $facebook->getUser();

if ($user) {
  try {
    $user_profile = $facebook->api('/me');
  } catch (FacebookApiException $e) {
    error_log($e);
    $user = null;
  }
}

if ($user) {
  $logoutUrl = $facebook->getLogoutUrl();
  echo "<a href='".$logoutUrl."'>Login</a>";
} else {
  $loginUrl = $facebook->getLoginUrl();
  echo "<a href='".$loginUrl."'>Login</a>";
}
?>

I am using version 3.0 of the PHP SDK.

After the PHP failed, I tried using the Javascript SDK instead, to handle the login and logout,

Javascript: 

FB.init({
    appId       : 'APP ID',
    status      : true, // check login status
    cookie      : true, // enable cookies to allow the server to access the session
    xfbml       : true // parse XFBML
}); 

FB.getLoginStatus(function(response) {

    if (response.session) {

        $('#login').hide();
        $('#logout').show();

    } else {

        $('#logout').hide();
        $('#login').show();

    }
});


$("#logout").live('click', function(){
    FB.logout(function(response) {
        window.location.reload();
    }); 
});

$("#login").live('click', function(){
    FB.login(function(response) {
        window.location.reload();
    }); 
});

Any help would be greatly appreciated, thank you!

Odyss3us
  • 6,457
  • 18
  • 74
  • 112
  • 1
    its a Chrome security measure to stop cross domain requests ect http://stackoverflow.com/questions/3010170/unsafe-javascript-attempt-to-access-frame-with-url-error-being-continuously – Lawrence Cherone May 24 '11 at 12:20
  • php code looks fine. Define `failed` please – zerkms May 24 '11 at 12:26
  • 3
    This is why I hate the friggin' Facebook platform. – Martin Bean May 24 '11 at 12:28
  • @Lawrence: So there is no way around it? – Odyss3us May 24 '11 at 12:30
  • @zerkms: By `failed`, I mean that it didn't redirect me to the login page when I was logged out, and clicked on the login button to log in, it took me to a page with a Facebook logo with text below it stating `Go to Facebook.com`. – Odyss3us May 24 '11 at 12:33
  • @user270311 i wouldn't know sorry, have a look at this http://www.google.co.uk/search?q=Unsafe+JavaScript+attempt+to+access+frame+with+URL+http%3A%2F%2Fapps.facebook.com there's 53,700 results – Lawrence Cherone May 24 '11 at 12:34
  • Sometimes I get these errors one day and the next day it's gone without me doing anything... – AllisonC May 24 '11 at 12:37
  • @Lawrence: Thanx, I've checked out most of those already, but I'll have another look! – Odyss3us May 24 '11 at 12:54
  • I used to get this, make sure the domain you are calling it from is the same as the one in the app settings. Yes I hate working with Facebook too. – PaulM May 25 '11 at 10:01

1 Answers1

1

Ok, so after banging my head against the board for a while, I came up with this, and it does the trick!

Using the PHP SDK, it is redirecting the user to the login page if they are not logged in, and setting the Logout URL with the next parameter for later use wherever/whenever you want it.

And no more XSS errors! :)

if ($user) {
    $logoutUrl = $facebook->getLogoutUrl(array('next'=>'http://apps.facebook.com/your_app/'));
} else {
    $loginUrl = $facebook->getLoginUrl(array('redirect_uri'=>'http://apps.facebook.com/your_app/'));
    echo "<script>top.window.location='".$loginUrl."';</script>";
}

I hope this helps!

Odyss3us
  • 6,457
  • 18
  • 74
  • 112