17

I'm working on a Facebook app tab and would like to use the signed request bundle as documented here: http://developers.facebook.com/blog/post/462/

I'm trying to use their example code to unpackage the signed request which is supposedly passed to the tab, however, $_POST, $_GET, and $_REQUEST are always all empty.

The exact code works on the canvas page and I am able to parse the signed request.

Is there something that I'm missing in their recent announcement?

By the way, the app is not published to the marketplace, and the fanpage my tab is installed on is private. Will that make a difference?

-Seth

Owen Blacker
  • 4,117
  • 2
  • 33
  • 70
Seth Brown
  • 608
  • 1
  • 6
  • 9

5 Answers5

40

Okay, figured it out! When configuring the app, I had filled in the "Tab URL" to be "tab/" This made the full url to the tab page "http://www.example.com/myfacebookapp/tab/" This made sense to me.

Apparently, Facebook doesn't like this. After changing my "Tab URL" to 'tab/index.php", the signed request started to show up in the app tab!

Cœur
  • 37,241
  • 25
  • 195
  • 267
Seth Brown
  • 608
  • 1
  • 6
  • 9
  • Rock on. This helped me just now. – ceejayoz Aug 22 '12 at 17:34
  • You are right, but partialy. This is not the matter of Facebook. Facebook sends signed request, to URL you specify in developer area. In my case, I inserted `mydomain.com/tab/` as tab URL, but what happens is that framework of my choice redirects `mydomain.com/tab/` to `mydomain.com/tab` (notice no trailing slash). This is GET redirect (simply said), so signed request is lost. In your cases you are redirected from non-trailing slash URL to URL with trailing slash which causes signed request loss. – Andreyco Feb 15 '14 at 18:33
8

Essentially, the problem is that your webserver is performing a redirect when it receives the request. In your case, it's redirecting from http://www.example.com/myfacebookapp/tab/ to http://www.example.com/myfacebookapp/tab/index.php; in my case it was redirecting from http://www.example.com/myfacebookapp/tab to http://www.example.com/myfacebookapp/tab/ (my app is built in .Net MVC, so has no filenames, but needs that trailing slash, apparently).

So the canonical solution is to make sure that the path in the Tab URL field is the actual URL, not one that the webserver will redirect to. If the webserver has to make a redirect, then the real page is fetched by GET (not POST) and no signed_request postdata is provided to your script.

Very frustrating; I just spend an hour and a half debugging why my test app worked and the production one didn't. To make things worse, I knew this answer, it just didn't register that this was what the problem was. Very irritating!

Cœur
  • 37,241
  • 25
  • 195
  • 267
Owen Blacker
  • 4,117
  • 2
  • 33
  • 70
4

Thanks Seth I was having the same problem. I could get a signed request on the app canvas page but not of my page tab. For clarification

  1. go to www.facebook.com/developers/
  2. click on edit settings for your app
  3. click the Facebook Integration tab
  4. at the bottom in the Page Tabs section in the Tab URL field enter in the path to the index.php page for your facebook landing page

ex. if your page is located at www.foobar.com/facebook/tab/index.php you need to put "tab/index.php" (without the quotes) rather than just "tab/"

Been trying to figure this out for days!

Devin Crossman
  • 7,454
  • 11
  • 64
  • 102
4

I found a solution: Just put a "/" at the end of the tab url. Like: "http://domain.us/facebook/tab/"

It worked for me, let us know if it also works for you!

Michael Ionita
  • 41
  • 1
  • it's so dumb that facebook doesn't warns about that, thanks for the tip it saved a lot of time. – destan Apr 27 '12 at 11:25
0

Once you are Authenticate with Application you will get the signed_request data, Authenticated as like in the below URLs

Owen Blacker
  • 4,117
  • 2
  • 33
  • 70
sadik
  • 105
  • 1
  • 10