I m currently developing a site which runs standalone and as a facebook app on an iframe I was wondering what whold be "best practice" for checking if my page is ran in a facebook iframe before the page loads so I can preset the relevant CSS and other variables
感谢。
这样做有两种办法。 如果你不关心安全(即你真的只想知道如何编排该网页,而不是决定显示什么内容),那么你的最好之子可能是使用一种独特的圆顶来查阅Facebook。 例如,如果你的独立网站是www.mysite.com,你可以配置假肢。 然后,你的服务器代码可以方便地检查哪些尿素版本正在进入,并相应采取行动。 当然,你一定要注意你的联系,以确保他们保持正确的预设点。
另一种方式是使用已签名的“请求”,如上所述,在显示“Face”准入时,设立厨师(或会议)。 每一页的顶端还有一线 j印法,以确保该页在一栏内。 否则,该守则立即将直线转回目前的网页,加上“吗.=1”等附加参数,该参数将告诉服务器以外部格式清除 co/会场和输出该网页。
$signed_request = $_POST[ signed_request ];
if(empty($signed_request))
die( No direct access. );
https://developers.facebook.com 如果有的话,也是一种良好的检验标准。
在这里,如果目前的网页在一张面纱上运行的话,则要测试一些加拿大文:
if( strpos( $_SERVER[ HTTP_REFERER ], "apps.facebook.com" ) !== false ){
// Page is running in Facebook iframe
}
可以通过比较<代码>window.top=window/<>code>,在客户方面进行这方面的唯一实际检查。 如果实际应用不在<代码>iframe范围之内。
没有可以确保这一点的服务器旁边检查,因为浏览器没有将有关母系的信息传递给除“吉大港”以外无法信赖的服务器。
在Canvas
Update:
说这是唯一的真正检查,并不意味着你应该使用它! 更贴在<条码>上签名的“request 依据解决办法”,因为“Facebook”与你的相呼应互动,用户不打算使用已签名的“request”,而“在任何条件下不得通过作为询问的一部分! 如果使用者放弃,情况可能是错的,那么我 w头双手就错失了。
我今天上午也谈到这个问题——我希望台式用户通过面纱来查阅我的照片,但我希望移动用户能够直接通过URL进入用户。 和Flinoyd Wilburn一样,通过不同的URLs获取不同版本的电器是一种很好的选择,但我不使用两本复印件(硬要保存)来改写照相机/面簿,将其根成:
# rewrite both /facebook and / to same place so you
# can tell if your request came from facebook or from direct URL access :)
RewriteEngine on
RewriteBase /
RewriteCond %{REQUEST_URI} /facebook*
RewriteRule (.*) /index.php [L]
Be sure to set your Facebook page tab URL to land in the /facebook subdirectory. Now, you can browser sniff to see if they re a mobile or desktop user, and you can test the requested URL to see if they re accessing the app through Facebook or directly :)
Let me add that there is NO foolproof way to determine either the client type or access point - both can be spoofed by someone who knows what they re doing - so take this into consideration when designing your app s security and authentication mechanisms.
I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...
<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...
I found this script online that creates a thumbnail out of a image but the thumbnail image is created with poor quality how can I improve the quality of the image. And is there a better way to create ...
如何确认来自正确来源的数字。
Most sites need some way to show the dates on the site in the users preferred timezone. Below are two lists that I found and then one method using the built in PHP DateTime class in PHP 5. I need ...
I wonder there is a way to post a message to a facebook business page with cURL? thanks
I want to create text as a watermark for an image. the water mark should have the following properties front: Impact color: white opacity: 31% Font style: regular, bold Bevel and Emboss size: 30 ...
How does php cast boolean variables? I was trying to save a boolean value to an array: $result["Users"]["is_login"] = true; but when I use debug the is_login value is blank. and when I do ...