Facebook: Unsafe JavaScript issue (document.domain values should be same)

Problem description

Mine is a FB App based on canvas. Facing an issue both on Chrome and Firefox, (although usually Chrome):

1. When I hit my approved fb app secure URL on a new incognito Chrome window (https://apps.facebook.com/myfbappnamespace/), the below error comes only for the first time, and when I refresh the page the error is gone (most of the times)


The page at about:blank displayed insecure content from http://static.ak.facebook.com/connect/xd_arbiter.php?version=18#cb=f2e4fe7b…os.com%2Ff4aeadb2&domain=www.mydomain.com&relation=parent&error=unknown_user.

Unsafe JavaScript attempt to access frame with URL http://www.mydomain.com/control/myfacebookapp/ from frame with URL http://static.ak.facebook.com/connect/xd_arbiter.php?version=18#cb=f2e4fe7b…os.com%2Ff4aeadb2&domain=www.mydomain.com&relation=parent&error=unknown_user. The frame requesting access set 'document.domain' to 'facebook.com', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access.
xd_arbiter.php:18

Unsafe JavaScript attempt to access frame with URL http://www.mydomain.com/control/myfacebookapp/ from frame with URL http://static.ak.facebook.com/connect/xd_arbiter.php?version=18#cb=f2e4fe7b…os.com%2Ff4aeadb2&domain=www.mydomain.com&relation=parent&error=unknown_user. The frame requesting access set 'document.domain' to 'facebook.com', but the frame being accessed did not. Both must set 'document.domain' to the same value to allow access. xd_arbiter.php:18

2. When I try the http URL (http://apps.facebook.com/myfbappnamespace/), the error shown in console is:


Unsafe JavaScript attempt to access frame with URL http://apps.facebook.com/myfbappnamespace/ from frame with URL https://s-static.ak.facebook.com/connect/xd_arbiter.php?version=18#channel=…Fcontrol%2Ffacebookappchannelurl%3Ffb_xd_fragment%23xd_sig%3Df23e84e85c%26. The frame requesting access has a protocol of 'https', the frame being accessed has a protocol of 'http'. Protocols must match.

Now when I login to my fb account to see what happens with these errors, they are gone, again only sometimes. I know that I am using "most of the times" and "sometimes" here in my query but that is exactly what is happening with me. I have also searched forums and realize that fb has already fixed this old issue which was supposed to be chrome specific. I have made sure that my FB.init and other calls are location.protocol value specific. Also configured correct values in canvas url (http) and secure canvas url (https). Also tried with both the settings: Account Settings -> Security -> Secure Browsing -> (Enabled as well as Disabled)

Someone please help, if I

Recommended answer

There are a lot of possible issues. Try with one of these solutions:


  • protocols must be the same (so the page that attempts to access the iframe must have the same protocol as the site that delivers the iframe), so if you are testing your app in sandbox mode (http instead of https), disable the "Secure browsing" mode of your testing account
  • channelUrl on FB.init() (see code below)
  • enable the headers mod of apache and put the below lines in your .htaccess
  • put the <div id="fb-root"></div> after the body tag as explained in the fb doc here: https://developers.facebook.com/docs/reference/javascript/
  • try to put all the automated login code after a user action (like a click on a login button)
  • remove the trailing slash from the Canvas URL (in app→settings) like http://yoursite.com?
  • edit your <html> tag like this: <html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="https://www.facebook.com/2008/fbml">

Code for .htaccess:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "*"
</IfModule>

Code for the channel issue:

FB.init({
    appId: '1234567890',
    status: true,
    cookie: true,
    xfbml: true,
    channelUrl : '//yoursite.com/channel.html'
});

The channel.html delivered by your server should contain this single line:

<script src="//connect.facebook.net/en_US/all.js"></script>

EDIT

About your first issue:

The page at about:blank displayed insecure content from http://static.ak.facebook.com/connect/xd_arbiter.php?version=18#cb=f2e4fe7b…os.com%2Ff4aeadb2&domain=www.mydomain.com&relation=parent&error=unknown_user.

This is an expected exception that is used to test for a condition - this has no side effects so don't care about it.

See this question: Unsafe JavaScript attempt to access frame with URL: Domains, protocols and ports must match
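
The two console errors quoted in the question both come from the browser's cross-frame access check. The following is an added example, not code from the question, the answer or Facebook's SDK: a simplified model of that check run against the frame URLs from the question. The `{ url, documentDomain }` frame shape, the function names and the third (allowed) case are assumptions made for illustration.

```javascript
// Added example: simplified model of the browser's frame-access check.
// A frame is { url, documentDomain }, where documentDomain is null when
// the page never assigned document.domain (a modelling assumption).
const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

function originOf(urlString) {
  const u = new URL(urlString);
  return { scheme: u.protocol, host: u.hostname, port: u.port || DEFAULT_PORTS[u.protocol] };
}

function checkFrameAccess(requester, target) {
  const a = originOf(requester.url);
  const b = originOf(target.url);
  // Scheme is compared first and document.domain can never relax it.
  if (a.scheme !== b.scheme) {
    return { allowed: false, reason: 'protocols must match' };
  }
  const da = requester.documentDomain;
  const db = target.documentDomain;
  // Both frames opted in: compare the assigned values, the port is ignored.
  if (da !== null && db !== null) {
    return da === db
      ? { allowed: true, reason: 'same document.domain' }
      : { allowed: false, reason: 'document.domain values differ' };
  }
  // Only one side opted in: denied even if host and port are identical.
  if (da !== null || db !== null) {
    return { allowed: false, reason: 'only one frame set document.domain' };
  }
  // Neither opted in: plain same-origin comparison.
  return a.host === b.host && a.port === b.port
    ? { allowed: true, reason: 'same origin' }
    : { allowed: false, reason: 'origins differ' };
}

// The two console errors from the question, plus a constructed allowed case.
function pageCases() {
  const arbiter = 'static.ak.facebook.com/connect/xd_arbiter.php?version=18';
  return [
    checkFrameAccess({ url: 'http://' + arbiter, documentDomain: 'facebook.com' },
                     { url: 'http://www.mydomain.com/control/myfacebookapp/', documentDomain: null }),
    checkFrameAccess({ url: 'https://s-' + arbiter, documentDomain: 'facebook.com' },
                     { url: 'http://apps.facebook.com/myfbappnamespace/', documentDomain: null }),
    checkFrameAccess({ url: 'https://s-' + arbiter, documentDomain: 'facebook.com' },
                     { url: 'https://apps.facebook.com/myfbappnamespace/', documentDomain: 'facebook.com' }),
  ];
}

console.log(pageCases());
```

CORS response headers such as `Access-Control-Allow-Origin` are not an input to this check; they govern cross-origin resource requests, not script access between frames.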
