最近我注意到脸书上的应用程序停止正常工作。
When someone opens app who did not authorize in yet I display simple content with link, When link is clicked, in application I issue redirect (in Spring I return "redirect:...url..") to URL:
< a href=" https://www.facebook.com/dialog/oauth?cople=email&client_id=317651918315301&redect_uri=https%3A%2F%2Fapps.facebook.com%2Facnestop&scop=email&email@mail&refacebook.com/dialog/oauth?scope=email&client_id=3176519183815301&redirect_uri=https%3A%2Fapps.facebook.com%2Facnestop&sclop=mail& refolence_ty=token
它向iFrame发送302 并给定位置。
然后显示空白 iFrame, 并返回 FB 的以下信头 :
Cache-Control private, no-cache, no-store, must-revalidate
Connection keep-alive
Content-Encoding gzip
Content-Type text/html; charset=utf-8
Date Fri, 25 May 2012 10:37:11 GMT
Expires Sat, 01 Jan 2000 00:00:00 GMT
P3P CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma no-cache
Set-Cookie _e_1vFX_0=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly locale=pl_PL; expires=Fri, 01-Jun-2012 10:37:11 GMT; path=/; domain=.facebook.com wd=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Transfer-Encoding chunked
X-Content-Type-Options nosniff
X-FB-Debug VYI+cCm/Vfpx3US82n06uFuw5gF6UQDg+8GUSpGUL9A=
X-Frame-Options DENY
X-XSS-Protection 0
x-content-security-policy... allow *;script-src https://*.facebook.com http://*.facebook.com https://*.fbcdn.net http://*.fbcdn.net *.facebook.net *.google-analytics.com *.virtualearth.net *.google.com 127.0.0.1:* *.spotilocal.com:*;options inline-script eval-script;report-uri https://www.facebook.com/csp.php
仅显示空白iFrame。
当我重定向到的 URL 直接粘贴到浏览器上时 - 它会显示 Facebook 提示来授权应用程序 。
当iFrame从浏览器上粘贴和打开相同的链接中被重新定位时, 行为为何不同?
今天我注意到这个, 之前的应用是正常的。
This is my sample app: https://apps.facebook.com/acnestop/