0

I am building a Facebook app; it is currently in sandbox mode. My code:

index.php

```php
<?php
ob_start();
@session_start();

require 'facebook.php';
include_once('config.php');

$facebook = new Facebook(array(
    'appId'  => APP_ID,
    'secret' => SECRET_KEY,
));

$user = $facebook->getUser();

if ($user) {
    try {
        // Proceed knowing you have a logged in user who's authenticated.
        $user_profile = $facebook->api('/me');
    } catch (FacebookApiException $e) {
        error_log($e);
        $user = null;
    }

    if (!empty($user_profile)) {
        # User info ok? Let's print it (Here we will be adding the login and registering routines)

        $username = $user_profile['name'];

        //echo '->'.$username;exit;
        $uid = $user_profile['id'];
        $email = $user_profile['email'];

        @session_start();
        //$_SESSION['id'] = $userdata['id'];
        $_SESSION['oauth_id'] = $uid;

        $_SESSION['username'] = $username;
        $_SESSION['email'] = $email;
        $_SESSION['oauth_provider'] = 'facebook';
        header("Location: home.php");

        ?>

        <?php

    } else {
        # For testing purposes, if there was an error, let's kill the script
        die("There was an error.");
    }
} else {
    # There's no active session, let's generate one
    $login_url = $facebook->getLoginUrl(array( 'scope' => 'email'));
    header("Location: " . $login_url);
}
?>
```

Here I am checking whether the user is logged in or not: if it is a logged-in user, then redirect to home.php, else to the login page of Facebook.

But when I run my app on Facebook, it throws an error on the console:

Refused to display document because display forbidden by X-Frame-Options because it set 'X-Frame-Options' to 'DENY'


Also, I tried this solution, but it won't work.

Rakesh Shetty

2 Answers

1

You can not display the login dialog within any kind of frames – that’s an anti-phishing measure, the user is supposed to be always able to verify that the login dialog they are shown is indeed from facebook.com, and not a fake loaded from any other site.

You have to redirect to it in the top window instance. This can not be done server-side, so you have to use JavaScript:

```html
<script>top.location.href = "…";</script>
```
CBroe
  • Thanks for your reply. I tried this ; but it shows the same error – Rakesh Shetty Feb 17 '14 at 08:50
  • _As I said,_ you have to call _the login dialog_ in the top frame … and that’s not the address of the login dialog. `header("Location: " . $login_url)` in your code is what you have to replace with JavaScript. – CBroe Feb 17 '14 at 09:16
  • OMG!! It worked. I was redirecting home.php using JS, but as you said, now I used which worked :) Thanks bro – Rakesh Shetty Feb 17 '14 at 09:30
  • Can you help on this: what should I add to `$facebook->getLoginUrl(array( 'scope' => 'email'));` so that it also asks the user for photo permission? – Rakesh Shetty Feb 17 '14 at 10:05
  • https://developers.facebook.com/docs/reference/login/extended-profile-properties/ – CBroe Feb 17 '14 at 10:10
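
The top-window redirect described in the answer above, as an added example that is not part of the original posts. The helper name `top_redirect_page`, the https-only check and the sample URL are assumptions made for illustration; the URL is encoded separately for the script context and for the fallback link so that its contents cannot break out of either.

```php
<?php
// Added example: leave the canvas iframe before sending the user to the
// Facebook login dialog, which refuses to render inside a frame.

/**
 * Build an HTML page that navigates the top-level window to $url.
 * Hypothetical helper; its name and structure are assumptions for this example.
 */
function top_redirect_page($url)
{
    // Accept only absolute https URLs, so javascript: or data: targets are rejected.
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || strtolower($scheme) !== 'https') {
        throw new InvalidArgumentException('Redirect target must be an https URL');
    }

    // JSON-encode for the script context. The HEX flags escape <, >, &, ' and "
    // so the value cannot close the <script> element or the string literal.
    $js_url = json_encode($url, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);

    // HTML-escape for the attribute context of the no-JavaScript fallback link.
    $html_url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');

    return "<!DOCTYPE html>\n"
        . "<html><head><meta charset=\"utf-8\"><title>Redirecting</title></head><body>\n"
        . "<script>window.top.location.href = {$js_url};</script>\n"
        . "<noscript><a href=\"{$html_url}\" target=\"_top\">Continue to login</a></noscript>\n"
        . "</body></html>\n";
}

// In index.php, in place of header("Location: " . $login_url):
//   echo top_redirect_page($facebook->getLoginUrl(array('scope' => 'email')));
//   exit;

// Constructed sample URL standing in for the value getLoginUrl() returns.
$sample = 'https://www.facebook.com/dialog/oauth?client_id=APP_ID_PLACEHOLDER&scope=email';
echo top_redirect_page($sample);
```

The `header("Location: home.php")` redirect stays server-side, since home.php is the app's own page loaded inside the canvas frame; only the login dialog has to open in the top window.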
0

Instead of a header redirect, use a JS redirect as:

```html
<script>top.location.href="THE URL"</script>
```
Abhik Chakraborty
  • Thanks for your reply. You mean to say I should do it like this: `top.location.href="home.php"`?? – Rakesh Shetty Feb 17 '14 at 08:01
  • I changed the URL to :- but it throws the same error – Rakesh Shetty Feb 17 '14 at 08:49
  • Hmm how about – Abhik Chakraborty Feb 17 '14 at 08:55
  • Can you add the following at the top of your home.php: `header('X-Frame-Options: GOFORIT');` – Abhik Chakraborty Feb 17 '14 at 09:02
  • Same result... From my account I have built this app and I added my friend as a developer. When I open this app through my ID, it opens and on the console it shows the error - GOFORIT' is not a recognized directive. The header will be ignored. And when I try to open this app through my friend's ID, it shows the error - Refused to display document because display forbidden by X-Frame-Options because it set 'X-Frame-Options' to 'DENY' – Rakesh Shetty Feb 17 '14 at 09:07
  • Hmm, this is weird, since I had a similar issue and it got resolved by a JS redirect. – Abhik Chakraborty Feb 17 '14 at 09:14