与Facebook登录不匹配CSRF状态令牌问题 [英] Problem with Facebook login not matching CSRF state token
问题描述
我做了一些搜索,我没有发现任何东西,是有关我的问题。
I did some searches and I didn't find anything that was related to my problem.
目前,我想要实现一个Facebook登录到我的网站,我有因htaccess的mod-rewriteURL的问题与登录验证?
I'm currently trying to implement a Facebook login to my website and I'm having problems with the login authentication due to htaccess mod rewrite URLs?
在code完美的作品,如果我不需要使用mod-rewrite规则,就像我得到登录:
The code works perfectly and I get logged in if I use it without the mod rewrite rules like:
domain.com/view_webhosting.php?webhosting=name
但只要我去到mod-rewriteURL
But as soon as I go over to the mod rewrite URL
domain.com/webhosting-name/
然后,它只是不工作,并抛出一个错误CSRF状态令牌不匹配一个规定。
Then it just doesnt work and throws a error "CSRF state token does not match one provided."
在htaccess的文件时,它看起来像这样
in the htaccess file it looks like this
RewriteRule ^webhosting-([a-z_0-9-]+)/$ /view_webhosting.php?webhosting=$1 [L]
任何人都有一个解决方案,这样的问题呢?我使用Facebook的SDK V3.1.1
Anyone have a solution to a problem like this? I am using Facebook SDK v3.1.1
推荐答案
在PHP SDK预计,状态字段是在$ _REQUEST(我相信作为一个GET参数)重定向后,才可以交换code'的访问令牌。从base_facebook.php:
The PHP SDK expects the 'state' field to be in $_REQUEST (I believe as a GET param) after the redirect before you can exchange the 'code' for an access token. From base_facebook.php:
protected function getCode() {
if (isset($_REQUEST['code'])) {
if ($this->state !== null &&
isset($_REQUEST['state']) &&
$this->state === $_REQUEST['state']) {
// CSRF state has done its job, so clear it
$this->state = null;
$this->clearPersistentData('state');
return $_REQUEST['code'];
} else {
self::errorLog('CSRF state token does not match one provided.');
return false;
}
}
return false;
}
您重写规则可以踩在该参数。
Your RewriteRule may be stomping on that param.
这篇关于与Facebook登录不匹配CSRF状态令牌问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!