
signed_request as $_GET not $_POST

The application I'm working on has rewrite rules in place to ensure that the user is always on https. In my fb application settings, I can define both the secure and nonsecure canvas page to use https (so no redirection will occur) but I cannot do the same on a tab page of the application. FB uses whatever protocol the user is running on as far as I can tell.

Because of this, when a user hits the application via http, mod_rewrite redirects the user to the https version. Redirects don't pass along form data. There was a thread I found that discussed using a proxy redirect but that doesn't seem to be working.

Is there some configuration setting I could use to turn my signed_request $_POST into a $_GET? Alternatively is there some api call I could make to get the signed_request? The facebook->getSignedRequest() simply looks in the $_REQUEST which due to the redirect contains no post data.


I'd do the redirect in PHP (using $_SERVER['HTTPS']) rather than via .htaccess, and do it after first saving the signed request data to the user's session.
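
The approach suggested in the answer above (save the signed request to the session, then redirect from PHP), written out as an added example that is not part of the original thread. `APP_SECRET`, `APP_HTTPS_URL` and `verify_signed_request()` are assumed names; the stored value is trusted only after its HMAC-SHA256 signature verifies against the app secret.

```php
<?php
// Added example. APP_SECRET and APP_HTTPS_URL are placeholders, not values from the thread.
const APP_SECRET = 'replace-with-your-app-secret';
const APP_HTTPS_URL = 'https://example.com/my-app-folder/';

// signed_request is "<base64url signature>.<base64url JSON payload>".
function base64url_decode($input) {
    return base64_decode(strtr($input, '-_', '+/'));
}

// Returns the decoded payload array, or null if malformed or the signature does not match.
function verify_signed_request($signed_request, $secret) {
    $parts = explode('.', (string) $signed_request, 2);
    if (count($parts) !== 2) {
        return null;
    }
    list($encoded_sig, $payload) = $parts;
    $data = json_decode(base64url_decode($payload), true);
    $alg = (is_array($data) && isset($data['algorithm'])) ? $data['algorithm'] : null;
    if (!is_string($alg) || strtoupper($alg) !== 'HMAC-SHA256') {
        return null;
    }
    // The signature covers the still-encoded payload string.
    $expected = hash_hmac('sha256', $payload, $secret, true);
    return hash_equals($expected, base64url_decode($encoded_sig)) ? $data : null;
}

session_start();

// Facebook POSTs signed_request to the tab; store it before a redirect drops the body.
if (isset($_POST['signed_request'])) {
    $_SESSION['signed_request'] = $_POST['signed_request'];
}

$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
if (!$is_https) {
    header('Location: ' . APP_HTTPS_URL, true, 302);
    exit;
}

// On HTTPS: take the stored value once and trust it only if the signature verifies.
$raw = isset($_SESSION['signed_request']) ? $_SESSION['signed_request'] : null;
unset($_SESSION['signed_request']);
$data = ($raw !== null) ? verify_signed_request($raw, APP_SECRET) : null;
if ($data === null) {
    http_response_code(400);
    exit('Missing or invalid signed_request');
}
// $data now holds the verified payload.
```

The session cookie is first issued on the plain-HTTP request, so the session is only a carrier here and the HMAC check is what establishes trust in the payload.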


I have the same problem here. When I visit the tab using HTTPS I get the signed_request just fine because there's no redirect happening.

I run another Facebook app on the same server and it uses an htaccess file to make sure the files are served over HTTPS. So, what I ended up doing was making sure that the sub folder I'm working in is excluded from the rewrite. Like so:

RewriteCond %{THE_REQUEST} !/my-app-folder

Then, in my PHP I do a check to see if the referer is HTTP. If it is not, I change the header to an HTTPS version of my app. Like so:

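// The Referer header may be absent, so fall back to an empty string
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
// Send the user to the HTTPS version of the app unless the referer is already HTTPS
if (substr($referer, 0, 5) != 'https') {
    header("Location: https://www.facebook.com/myapp?sk=app_xxxxxxxxxxxxxx");
    exit; // stop executing once the redirect header is sent
}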

This is probably not foolproof, but once I click that like button, I definitely get the results I need. I tested this in the dreaded IE as well and it appears to be working there too.


Some browsers do redirect your request to https automatically if you have been on this particular site on https, so if you are in http mode on Facebook there is this situation:

Facebook requests the http version of your app, the browser redirects this request from Facebook to https, and the POST data and thus the signed_request are gone in this process...

I see this problem in Chrome 23; if you delete browsing data (particularly "Deauthorize content licenses") the app should run back on http.
