facebook api appending #_=_ to my return uri

Question

I'm using the facebook php library to authenticate users to my app, it's working fine but for some reason facebook is appending the characters #_=_ to the end of my return uri. I read that they did this if the redirect_uri parameter wasn't set but I do have it set, in fact I'm redirected to that URL successfully after I log in on facebook.

Here's how I get the login url:

$fbLoginUrl = $fb->getLoginUrl(array(
    'scope' => 'email,publish_stream,user_birthday,user_photos,friends_photos',
    'redirect_uri' => 'http://myapp.net/auth'
));

Everything works fine it's just a cosmetic thing I guess. Can anyone help me?

Thanks in advance!

and a bug is filed here, http://bugs.developers.facebook.net/show_bug.cgi?id=20504 — Jashwant, Jan 31 '12 at 04:00

score 4 · Accepted Answer · edited Oct 21 '16 at 07:45

4

On Facebook developer blog, it was told that, if you explicitly set the redirect_uri param, you won't get the #_=_ appended to the callback uri. But this is not the case. You still get those characters even on setting redirect_url field. But that won't have any effect on your flow.

Check this: Session Redirect Behavior - setting redirect_uri explicitely

edited Oct 21 '16 at 07:45

Jianxin Gao

2,717
2
19
32

answered Jan 31 '12 at 03:53

Sudhir Bastakoti

99,167
15
158
162

sigh so I guess it's a facebook fail then :( – Javier Villanueva Jan 31 '12 at 03:58

score 2 · Answer 2 · edited Oct 11 '12 at 13:58

You can only get rid of this client-side.

You might think that you could solve this server-side by redirecting to a URL without the anchor:

facebook redirects to http://MyFacebookRedirectUrl...#_=_
Then we redirect to some new URL, without the anchor

....But the #_=_ reappears by magic in the browser address bar - how?

See James Pearce's answer at http://developers.facebook.com/bugs/318390728250352 :

"Some browsers will append the hash fragment from a URL to the end of a new URL to which they have been redirected (if that new URL does not itself have a hash fragment)."

and also this:

http://blogs.msdn.com/b/ieinternals/archive/2011/05/17/url-fragments-and-redirects-anchor-hash-missing.aspx

Firefox, Chrome, and Opera [and now IE10] will re-attach a URL Fragment after a HTTP/3xx redirection has taken place, even though that fragment was not present in the URL specified by the Location header on the redirection response

So if you're just doing server side redirects from your Facebook redirect page, you're going to have to remove this client-side.

The other alternative is to redirect server-side to a URL that contains a different named anchor - but that doesn't really solve the problem and not all browsers will do the same thing.

facebook api appending #_=_ to my return uri

2 Answers2