开发者

Facebook Application: How can I deny direct access on my server?

Is there a way to deny direct access to the application server for a facebook application?

Facebook loads the application via an iFrame src=http://app-domain/, but you can clearly view the page source and find out that domain and copy paste the URL into a browser and view the application directly.

There is this signed_request and oauth_token in the API, I was wondering how to use that or if I can use that to limit direct access to the application.

So if a user inputs in the browser your application's URL he gets redirected to Facebook.

Thank you.

EDIT: I found a way that also works with form submission.

// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);

This redirects the browser while accessing 开发者_高级运维the application directly and not through facebook.


It will not work if javascript is disabled.

<script type="text/javascript">
    var isInIFrame = (window.location != window.parent.location) ? true : false;

    if(!isInIFrame){
                window.location = 'link-of-application-page';
    }

</script>


You'll need some Javascript to detect whether you're in Facebook's frame and if you're not, redirect to it.


I found a way that also works with form submission. (Works for me, it might not work for you. Test it first.)

// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);

This redirects the browser while accessing the application directly and not through facebook.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜