FB.Login(...)在Facebook iFrame App中仅支持Chrome浏览器的跨域脚本错误 [英] Chrome-only cross-domain scripting errs in Facebook iFrame App upon FB.Login(..)
问题描述
在谷歌浏览器(我在9.0.597.98上),使用Graph API / Javascript SDK的我的Facebook iFrame应用程序往往会基于跨域引发以下两个JavaScript错误脚本,但只在应用程序的一页上。
它在第二条消息中进入无尽的重试循环。在过夜之后,它在今天早上报告了50万次重试!
正在使用的FB调用用于登录:
FB。 login(function(response){
if(response.session){
//用户成功登录
} else {
//用户取消登录
}
});
在Firefox和IE9中,我不会收到这些错误。这是特定于Chrome(也许是WebKit)。
奇怪的是,我在应用程序中使用了 FB.Login 的第二个页面,它可以在Chrome中运行浏览器。
我在某处读到Safari对跨域脚本编写有更严格的要求 - 它和Chrome共享相同的代码库。
域名,协议和端口必须匹配(错误信息)我相信实际上是满意的,因为我有另一个页面使用 FB.Login 调用我在这两条消息之间唯一的区别是 postmessage 查询参数对每个参数都有不同的值(粗体在消息中)。然而,只有一个构成Facebook应用程序的iFrame,所以我想知道为什么两个不同的值可以一个接一个地使用。我不是故意带领答案专注于这个项目,但我确实想指出。
建议我可以尝试解决此错误。
Chrome浏览器JavaScript控制台消息:
消息1 :不安全的JavaScript尝试通过URL访问框架
https://www.facebook.com/dialog/permissions.request?api_key=168297653202478&app_id=168297653202478&display=popup&fbconnect=0&locale=zh_CN&方法= permissions.request&安培;下一个HTTP =%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df3d15633dc%26origin%3Dhttp%253A%252F%252Fsubdomain.exam ple.com%252Ff22a8befa%26relation%3Dopener%26transport%3D postmessage %26frame%3D f111baf6f4 %26result%3D%2522xxRESULTTOKENxx%2522& perms = publish_stream% 2Coffline_access&安培; return_session = 1&安培; SDK =乔伊&安培;与URL http://subdomain.example.com/colonversationmap/Admin.TestPage.aspx?signed_request=871miFgH_-o05POnx20387XHd2YlArKLU6qUv8VkxY4.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTI5ODQyMDEwMSwidXNlciI6eyJjb3VudHJ5IjoiY2EiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19 。域名,协议和端口必须匹配。
Message 2 :不安全的JavaScript尝试通过URL访问框架 p>
https://www.facebook.com/dialog/permissions.request?api_key=168297653202478&app_id=168297653202478&display=popup&fbconnect=0&locale= EN_US&安培;方法= permissions.request&安培;下一个HTTP =%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df304d46e08%26origin%3Dhttp%253A%252F%252Fsubdomain.example.com%252Ff23ce8203% 26relation%3Dopener%26transport%3D postmessage %26frame%3D fcd3637bc %26result%3D%2522xxRESULTTOKENxx%2522& perms = publish_stream%2Coffline_access& return_session = 1& sdk = joey& session_version = 3来自具有URL的帧 http://subdomain.example.com/colonversationmap/Admin.TestPage.aspx?signed_request=871miFgH_-o05POnx20387XHd2YlArKLU6qUv8VkxY4.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTI5ODQyMDEwMSwidXNlciI6eyJjb3VudHJ5IjoiY2EiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19 。域名,协议和端口必须匹配。
我还遇到了 getLoginStatus()在Chrome中未被调用。我试着在页面加载和用户启动后没有成功的情况下调用它。
事实证明,这不是一个跨域问题。该通话被Chrome中的 Un-Passwordise 扩展程序拦截。只要禁用了扩展名,即使在网页加载时,它也能正常工作。
In Google Chrome (I'm on 9.0.597.98) my Facebook iFrame app using Graph API/Javascript SDK tends to always throw the following two JavaScript errors (see below) based on cross-domain scripting, but only on one page of the app.
It goes into an endless retry loop on the second message. After leaving it overnight, it reported a half million retries by this morning!
The FB call being used is for login:
FB.login(function(response) {
if (response.session) {
// user successfully logged in
} else {
// user cancelled login
}
});
In Firefox and IE9 I do not get these errors. It's specific to Chrome (maybe WebKit).
What's odd is I have a second page in the app that uses FB.Login and it works in Chrome in addition to the other browsers.
I read somewhere that Safari has more stringent requirements on cross domain scripting - it and Chrome share the same code base.
Domains, protocols and ports must match (error message) I believe is actually satisfied because I have another page that works with the FB.Login call The only other difference I see between these two messages is the postmessage query argument has a different value for each (bolded in the messages). However there is only one iFrame that constitutes a Facebook app so I wonder why two different values might be used one after the other. I don't mean to lead answers to focus on this item, but I did want to point it out.
Suggestions are welcome as to what I might try to resolve this errors.
Chrome JavaScript Console Messages:
Message 1: Unsafe JavaScript attempt to access frame with URL
https://www.facebook.com/dialog/permissions.request?api_key=168297653202478&app_id=168297653202478&display=popup&fbconnect=0&locale=en_US&method=permissions.request&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23cb%3Df3d15633dc%26origin%3Dhttp%253A%252F%252Fsubdomain.example.com%252Ff22a8befa%26relation%3Dopener%26transport%3D postmessage %26frame%3D f111baf6f4 %26result%3D%2522xxRESULTTOKENxx%2522&perms=publish_stream%2Coffline_access&return_session=1&sdk=joey&session_version=3 from frame with URL http://subdomain.example.com/colonversationmap/Admin.TestPage.aspx?signed_request=871miFgH_-o05POnx20387XHd2YlArKLU6qUv8VkxY4.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTI5ODQyMDEwMSwidXNlciI6eyJjb3VudHJ5IjoiY2EiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19. Domains, protocols and ports must match.
Message 2: Unsafe JavaScript attempt to access frame with URL
https://www.facebook.com/dialog/permissions.request?api_key=168297653202478&app_id=168297653202478&display=popup&fbconnect=0&locale=en_US&method=permissions.request&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23cb%3Df304d46e08%26origin%3Dhttp%253A%252F%252Fsubdomain.example.com%252Ff23ce8203%26relation%3Dopener%26transport%3D postmessage %26frame%3D fcd3637bc %26result%3D%2522xxRESULTTOKENxx%2522&perms=publish_stream%2Coffline_access&return_session=1&sdk=joey&session_version=3 from frame with URL http://subdomain.example.com/colonversationmap/Admin.TestPage.aspx?signed_request=871miFgH_-o05POnx20387XHd2YlArKLU6qUv8VkxY4.eyJhbGdvcml0aG0iOiJITUFDLVNIQTI1NiIsImlzc3VlZF9hdCI6MTI5ODQyMDEwMSwidXNlciI6eyJjb3VudHJ5IjoiY2EiLCJsb2NhbGUiOiJlbl9VUyIsImFnZSI6eyJtaW4iOjIxfX19. Domains, protocols and ports must match.
I also ran into an issue where the getLoginStatus() was not being called in Chrome. I tried calling it on page load and after a user-initiated action with no success.
It turned out that it was not a cross-domain issue. The call was being blocked by the Un-Passwordise extension in Chrome. As soon as I disabled the extension, it worked perfectly, even on page load.
More info about this issue here: FB.getLoginStatus never fires the callback function in Facebook's JavaScript SDK
这篇关于FB.Login(...)在Facebook iFrame App中仅支持Chrome浏览器的跨域脚本错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
