I've implemented a like widget which it's URL parameter is set to
"http://www.justanexample.com#!home|mainPage"
the (relevant) meta-tags for this page:
<link rel="canonical" href="http://www.justanexample.com"/>
<meta property="og:url" content="http://www.justanexample.com"/>
still when a user likes the page and posts the message, the link is:
"http://www.justanexample.com?_escaped_fragment_=mainPage"
My assumption is as follows:
when Facebook scraper requests the page - the _escaped_fragment version should return
when user ask the page, he requests the URL with the hash-bang (e.g. "http://www.justanexample.com#!home|mainPage") or without it.
when posting to facebook, the link should be as the URL I set ("http://www.justanexample.com#!home|mainPage"), and therefore when the user clicks this URL it will work the same as (2).
but why does Facebook change my URL to the _escaped_fragment?
could someone please explain where is the problem here?
Thanks!
P.S.
i'm aware of: http://facebook.stackoverflow.com/questions/8653183/facebook-share-showing-escaped-fragment-url-instead-of-hash-version
and understand it solves the issue, but before using it, I want to first understand what's the cause of this behavior.
Related
I have a user who can manage some Facebook Page. I've got access token with all permissions, including publish_actions as written here.
When I send a POST request from Graph API Explorer to <page-id>/feed specifying message and access_token of course, my post appears in Page Feed and author of this post is Page. But when I send a POST request with link instead of message it appears in 'recent publications from others' with my name.
What have I done wrong?
I'm seeing the same thing. If I send a message to <page-id>/feed it will work fine. But if I send a link to the same endpoint it posts on the
I am trying to use Facebook's Real Time API with my app. I am not receiving POSTS to my callback url. Some relevant info:
-- I can add/modify subscriptions using the callback URL, so the URL itself is not the problem.
-- I have granted my app all the right permissions
-- I have deliberately included an error at the very beginning of the function that handles POSTs to the callback URL. Yet, I am not getting errors from the function.
From all this, I can only conclude that Facebook is not POSTing to my callback URL. Does anyone have any ideas what else might be going on?
Also, is there any record of Facebook's attempted POSTs to my callback URL?
I figured out what was wrong. The callback URL I gave to facebook did not have a trailing slash, but the url I specified for my handler function did. In Django, by default, if a request does not match anything from urls.py, it will redirect to the same url with a trailing slash appended. However, POST data is lost in this process, and facebook was trying to POST. I figured this out by manually issuing a POST request to my callback URL, using cURL, at which point Django gave me a very helpful error saying all this.
I am using OAuth Dialog for Facebook permission to access a users' email, birthday and other details but when I run this app URL that is https://apps.facebook.com/projectatestapp/ (while being logged into Facebook) I see this login to app window which says:
You are logging into testapp as Nina Sewart. Logging in will not add this app's activity to Facebook.
With log in and cancel button instead of Permission window with Allow and Don't Allow button
here is my code
<html xmlns:fb="https://www.facebook.com/2008/fbml">
<body>
<script src="http://connect.facebook.net/en_US/all.js"></script>
<div id="fb-root"></div>
<script>
FB.init({
appId: '[My app id]',
xfbml: true,
cookie: true,
oauth: true
});
FB.login({
scope: 'email,user_birthday',
});
</script>
<a href="https://www.facebook.com/dialog/oauth/?scope=email,
user_birthday&
client_id=148244388606048&
redirect_uri=https://apps.facebook.com/projectatestapp/test2.html&
response_type=token" target="_top">test</a>
</body>
</html>
Please tell me whats wrong in it?
The reason you are not seeing it is because the application process has become a two step process.
Being that the person accepts to login into your application.
Being the person accept your extended permission which is where the callback url comes into play.
Documentation can be found here.
So the reason your callback isn't being called is because the two step process. I would suggest making the response attached to second page that is called.
I am not sure how the JS SDK works but it is how I managed to do it.
Goodluck.
You need before calling autorization window to add the fb token to the url to identify your user to fb.
I think try this to get the token : FB.getAccessToken();
I have the same issues here. The documentation says only developers/tester of this app will be able to get the publish permission but I could manage to make it work only with the id that was used to create the app. Other test users (even though are authorized developers) are not able to get past the 'add-to-timeline' stage.
It could be a major bug.
I was struggling with this issue for few hours, and my lovely co-worker helped me fix it just now. Make sure you don't refresh the page after login was called. Basically, don't do something like below:
FB.login(...);
window.location.refresh();
Include the refresh code inside of the callback for FB.login!
Man, I feel so stupid, but sometimes you get confused and forget how callbacks work in terms of execution orders of code.
I'm currently working on securing my Django website with SSL. I'd like certain URL patterns to be accessible only via HTTPS. The single most important thing to do is to secure the login site. There is this form where user inputs their login/password into a form and the form is POSTed to the server. In the login page template I have something like
<form method="POST" action="{% url login %}">
and in my urls.py one of the patterns is something like
url(r'^login/$', 'mySiteLogin', name='login'),
Now I've found some resources suggesting that I should use a middleware that will rewrite http to https, for example this: Django relative urls and https. But logging in cannot be done this way - it's no use to rewrite the protocol when the user has already POSTed their password in plaintext!
So I'm thinking, can I somehow tell {% url %} to use https? I'm thinking of a solution that will use a decorator to mark views that require encryption and then some tag similar to {% url %} will use this info and create a link with https when required.
Or is there some other way?
Thanks,
Mike
But logging in cannot be done this way
- it's no use to rewrite the protocol when the user has already POSTed their
password in plaintext!
Just serve the login page itself over HTTPS. This seems to be a good idea in general.
“By January 5, it was clear that an
entire country’s worth of passwords
were in the process of being stolen
right in the midst of the greatest
political upheaval in two
decades.”—which is why you shouldn’t
serve your login form over HTTP even
though it POSTs over HTTPS.
http://simonwillison.net/2011/Jan/24/
In a nutshell, ISPs from Tunisia injected malicious JavaScript code into the login pages of Facebook to steal user logins.
Maybe you should instead look at middleware solutions that does redirection between HTTP and HTTPS. One example: http://djangosnippets.org/snippets/85/
I am following the Facebook developer documentation for making a post to a Facebook 'Page' as the Page itself, which according to the docs requires impersonation. I've gotten the access token for the page itself, as well as the Page's ID, by making a call to the "accounts" feed for the user who's the admin for the Page. I then POST to
https://graph.facebook.com/[Page_ID]/feed
With the post items
access_token
and
message
containing the access token and the message, and I get a JSON string back with a post ID. Which all seems to indicate that it is posting the message to the page. HOWEVER, when I go to the particular Page, it doesn't display the posted status.
Does anyone perhaps have any idea why that might be?
Thanks in advance everyone!
Did you make sure to get the "publish_stream" permission from the user?
http://developers.facebook.com/docs/authentication/permissions