0

I have a problem with my FB application. I use this tutorial: http://3adly.blogspot.com/2012/12/ruby-on-rails-facebook-application.html I have the app hosted on Heroku, and the box with the authorization request doesn't work if I use the app as an iframe (https://apps.facebook.com/my-app). In the Chromium console I see this error:

Refused to display 'https://www.facebook.com/dialog/oauth?client_id=123...%2Fmy-app.herokuapp.com%2F%2F&scope=read_stream' in a frame because it set 'X-Frame-Options' to 'DENY'. 

But I have the correct x-auth value in my config/application.rb:

```ruby
module TestApp
  class Application < Rails::Application
    # Settings in config/environments/* take precedence over those specified here.
    # Application configuration should go into files in config/initializers
    # -- all .rb files in that directory are automatically loaded.

    # Set Time.zone default to the specified zone and make Active Record auto-convert to this zone.
    # Run "rake -D time" for a list of tasks for finding time zone names. Default is UTC.
    # config.time_zone = 'Central Time (US & Canada)'

    # The default locale is :en and all translations from config/locales/*.rb,yml are auto loaded.
    # config.i18n.load_path += Dir[Rails.root.join('my', 'locales', '*.{rb,yml}').to_s]
    # config.i18n.default_locale = :de

    # Header sent on this application's own responses.
    config.action_dispatch.default_headers = {
      'X-Frame-Options' => 'ALLOWALL'
    }
  end
end
```

When I use my app standalone (https://my-app.heroku.com), I see the box with the "permissions request"; when I click OK, my app works both in the iframe and standalone. My app works correctly, because I can see "Hi Grzegorz"; in my view I have `Hi <%= @user_profile["first_name"] %>!`. This is weird to me: why don't I see the box with the permissions request in the iframe?

esio
  • Just guessing so I'm posting this as a comment instead of an answer, but I'm wondering if it's *facebook* that's disallowing the iframe, not your app. In that case you can't do much about it, but it might mean you're requesting something in a way that FB doesn't like. [This question](http://stackoverflow.com/questions/6666423/overcoming-display-forbidden-by-x-frame-options) has a lot of answers having to do with FB and this problem, but I don't know which one of them might fix your issue... – carols10cents Nov 17 '13 at 19:01
  • @carols10cents is right - Facebook is disallowing this iFrame, not your app. – SLD Nov 20 '13 at 20:48
  • @esio: Would you mind reviewing my answer? – Tobi Nov 22 '13 at 14:38

1 Answer

0

I once had a similar problem, and it was the case that the redirect URL in the application configuration was different from the one used in the authorization URL. Also check whether http/https usage is consistent.

Furthermore, check whether the authentication link has the attribute target="_top", see here: http://www.techguywebsolutions.com/facebook-app-getloginurl-issue.html

Tobi
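The two checks from the answer above, as an added Ruby example that is not part of the original question or answer: the 'X-Frame-Options: DENY' in the error is set on Facebook's dialog response, so the dialog has to be opened in the top window rather than inside the canvas iframe, and the redirect URL sent must match the registered one. `APP_ID`, `CONFIGURED` and the helper names are assumptions made for illustration.

```ruby
require 'uri'
require 'json'

# Assumed values for illustration; take the real ones from the app's settings.
APP_ID     = '123'                             # placeholder client_id
CONFIGURED = 'https://my-app.herokuapp.com/'   # redirect URL registered for the app
DIALOG     = 'https://www.facebook.com/dialog/oauth'

# Lists every way the requested redirect URL differs from the registered one
# (scheme, host, path). An empty list means the two are consistent.
def redirect_uri_problems(requested, configured = CONFIGURED)
  req  = URI.parse(requested)
  conf = URI.parse(configured)
  problems = []
  problems << "scheme #{req.scheme} != #{conf.scheme}" unless req.scheme == conf.scheme
  problems << "host #{req.host} != #{conf.host}" unless req.host == conf.host
  problems << "path #{req.path.inspect} != #{conf.path.inspect}" unless req.path == conf.path
  problems
end

# Builds the authorization URL with every parameter percent-encoded.
def oauth_dialog_url(redirect_uri, scope: 'read_stream')
  query = URI.encode_www_form(client_id: APP_ID, redirect_uri: redirect_uri, scope: scope)
  "#{DIALOG}?#{query}"
end

# Page body to render inside the canvas iframe instead of a server-side
# redirect: it navigates the top window, so the dialog is never framed.
# The URL is emitted as a JSON string literal; its parameters are already
# percent-encoded, so it cannot close the <script> element early.
def top_level_redirect_page(redirect_uri)
  "<script>window.top.location.href = #{oauth_dialog_url(redirect_uri).to_json};</script>"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: the trailing "//" seen in the error message, and the
  # http / heroku.com variant of the application URL.
  p redirect_uri_problems('https://my-app.herokuapp.com//')
  p redirect_uri_problems('http://my-app.heroku.com/')
  puts top_level_redirect_page(CONFIGURED)
end
```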