13

when the canvas app is loaded within the iframe nothing is display and on Chrome Firebug Console I see the error:

Refused to display document because display forbidden by X-Frame-Options.

Firebug Console

I tried this solution: Overcoming "Display forbidden by X-Frame-Options"

 class ApplicationController < ActionController::Base
 protect_from_forgery
 before_filter :set_xframeoption

 def set_xframeoption
  response.headers["X-Frame-Options"]='GOFORIT'
 end

 end

But I have the same error. Any solution?

Thanks

- FB Resquest Header -
GET /dropis_app/ HTTP/1.1
Host: apps.facebook.com
Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: [lot of stuff]

- FB Response Header -
HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
Set-Cookie: wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Content-Encoding: gzip
Content-Type: text/html; charset=utf-8
X-FB-Debug: JGyR/rXLGOKtchBAPFmyYiPZrd5npWbORZgq4sirM1Q=
X-Cnection: close
Transfer-Encoding: chunked
Date: Wed, 01 Feb 2012 17:58:00 GMT



- iFrame Request Header -
Request URL:https://foobar.herokuapp.com/
Request Method:POST
Status Code:302 Found
Request Headersview source
Accept:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Charset:ISO-8859-1,utf-8;q=0.7,*;q=0.3
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Content-Length:433
Content-Type:application/x-www-form-urlencoded
Host:dropis.herokuapp.com
Origin:https://apps.facebook.com
Referer:https://apps.facebook.com/foobar/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_2) AppleWebKit/535.7 (KHTML, like Gecko) Chrome/16.0.912.77 Safari/535.7
Form Dataview URL encoded

- iFrame Form Data -
signed_request: [removed]

- iFrame Response Header -
Response Headersview source
Cache-Control:no-cache
Connection:keep-alive
Content-Length:195
Content-Type:text/html; charset=utf-8
Date:Thu, 02 Feb 2012 16:35:27 GMT
Location:https://graph.facebook.com/oauth/authorize?client_id=[removed]&redirect_uri=https://foobar.herokuapp.com/users/callback
Server:WEBrick/1.3.1 (Ruby/1.9.2/2011-07-09)
Set-Cookie:_dropis_static_session=[removed]; path=/; HttpOnly
X-Rack-Cache:invalidate, pass
X-Runtime:0.001540
X-Ua-Compatible:IE=Edge,chrome=1
Community
  • 1
  • 1
Leonardo Dario Perna
  • 1,045
  • 2
  • 10
  • 23

1 Answers1

9

If anyone else has this problem, I fixed it by simply adding this to my link:

:target => "_top"

That makes it loads the auth into the top window.

From here:

https://developers.facebook.com/docs/authentication/canvas/

bevanb
  • 8,201
  • 10
  • 53
  • 90
  • I had the same issue and a solution similar to this one solved my issue. As is stated in the (obscure) facebook documentation, you should redirect the user to the login url in the top frame, not in the iframe. I solved this by sending an empty page with only: `` – Mortimer Sep 22 '12 at 01:19