与Facebook登录不匹配CSRF状态令牌问题 [英] Problem with Facebook login not matching CSRF state token

问题描述

我做了一些搜索，我没有发现任何东西，是有关我的问题。

I did some searches and I didn't find anything that was related to my problem.

目前，我想要实现一个Facebook登录到我的网站，我有因htaccess的mod-rewriteURL的问题与登录验证？

I'm currently trying to implement a Facebook login to my website and I'm having problems with the login authentication due to htaccess mod rewrite URLs?

在code完美的作品，如果我不需要使用mod-rewrite规则，就像我得到登录：

The code works perfectly and I get logged in if I use it without the mod rewrite rules like:

domain.com/view_webhosting.php?webhosting=name

但只要我去到mod-rewriteURL

But as soon as I go over to the mod rewrite URL

domain.com/webhosting-name/

然后，它只是不工作，并抛出一个错误CSRF状态令牌不匹配一个规定。

Then it just doesnt work and throws a error "CSRF state token does not match one provided."

在htaccess的文件时，它看起来像这样

in the htaccess file it looks like this

RewriteRule ^webhosting-([a-z_0-9-]+)/$ /view_webhosting.php?webhosting=$1 [L]

任何人都有一个解决方案，这样的问题呢？我使用Facebook的SDK V3.1.1

Anyone have a solution to a problem like this? I am using Facebook SDK v3.1.1

推荐答案

在PHP SDK预计，状态字段是在$ _REQUEST（我相信作为一个GET参数）重定向后，才可以交换code'的访问令牌。从base_facebook.php：

The PHP SDK expects the 'state' field to be in $_REQUEST (I believe as a GET param) after the redirect before you can exchange the 'code' for an access token. From base_facebook.php:

protected function getCode() {
  if (isset($_REQUEST['code'])) {
    if ($this->state !== null &&
      isset($_REQUEST['state']) &&
      $this->state === $_REQUEST['state']) {

      // CSRF state has done its job, so clear it
      $this->state = null;
      $this->clearPersistentData('state');
      return $_REQUEST['code'];
    } else {
      self::errorLog('CSRF state token does not match one provided.');
      return false;
    }
  }

  return false;
}

您重写规则可以踩在该参数。

Your RewriteRule may be stomping on that param.

这篇关于与Facebook登录不匹配CSRF状态令牌问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！