Facebook服务器端登录，CORS [英] Facebook server-side login, CORS

问题描述

我正在通过FB服务器端登录来实现一个网站，其简化步骤如下:

I'm implementing a web site with FB server-side login as simplified steps below:

1. 一个简单的按钮触发JS脚本，该脚本调用我的后端API https://localhost/fblogin

function sendFbLoginData() {
    $.get("https://localhost/fblogin", function(data, status) {});
}

在/fblogin的后端处理程序中，用户被重定向到FB登录对话框，以请求权限和访问令牌.

In the backend handler of /fblogin the user is redirected to FB login dialog for requesting permissions and access token.

func (ct *LoginController) FbLogin() {
    url := "https://www.facebook.com/dialog/oauth?client_id=xxx&redirect_uri=https://localhost/fboauth2cb&response_type=code&scope=public_profile"
    ct.Redirect(url, 302)
    return
}

在浏览器控制台上显示错误消息:

At browser console shows error msg:

XMLHttpRequest cannot load https://www.facebook.com/dialog/oauth?client_id=xxx&redirect_ur…e_type=code&scope=public_profile. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://localhost' is therefore not allowed access.

在谷歌搜索后，我意识到这是一个CORS问题.由于我无法改变Facebook的行为，我该如何解决这个问题?还是从根本上我以错误的方式进行了fb服务器端登录?

After googling I realize this is a CORS problem. Since I cannot change Facebook's behavior, how do I deal with this problem? or fundamentally I do fb server-side login in a wrong way?

ps.我的环境是AWS + Beego(golang)

ps. my env is AWS + Beego (golang)

推荐答案

您不能从JavaScript请求 https://www.facebook.com/dialog/oauth?... 并等待结果；该页面旨在显示在浏览器中，以便Facebook可以要求用户提供其凭据和使用其帐户在您的应用程序中的权限.

You cannot ask for https://www.facebook.com/dialog/oauth?... from JavaScript and wait for its results; that page is intended to be shown in a browser, so that Facebook can ask the user for its credentials and permission to use his account in your app.

所以，而不是:

    $.get("https://localhost/fblogin", function(data, status) {});

您应使用类似以下内容的

you should use something like:

    location = "https://localhost/fblogin";

这篇关于Facebook服务器端登录，CORS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！