Slow load facebook canvas app when click on links (if target top)


Problem description


Situation: I am developing a Facebook canvas app. Facebook is sending my server a POST request with the signed_request each time that a page is rendered. Inside my app I have all my links with target="_top" because if I don't, Facebook sends my server a common GET without the signed request. So I can't check the user info.

Problem: It is too slow! Even if I am testing it in local, each click that I press takes 1 sec to render and my canvas becomes completely white and then the info is shown. It will be a bad user experience.

My tests: If I remove the target=_top and I point all my links' href to my server without the app.facebook.com/whatever, it loads very quickly.

My doubts: Is there any security issue with this? If I point all the links to my server (no apps.facebook.com) I cannot check the signed request, I will only check it in the main page.

Any advice? Any tutorial? Do I have any misunderstanding of this? (It is my first Facebook app)

Solution

Have you read the Server-Side Authentication tutorial? You're doing it wrong.

Once the user lands in your app you should keep all links in the same frame; loading the entire window along with Facebook is completely redundant.

What you should do:

When you get the POST with the signed request, decode it and check if the user is authenticated; if he is, persist the data (token and such) somewhere (session, db, cache). If he is not authenticated, send him to the auth dialog as noted in the tutorial; when he gets back, exchange the code you get (in GET) for the token (also shown in the tutorial), then redirect him to http(s)://apps.facebook.com/YOUR_APP and you'll be posted with the authenticated signed request, save it, etc.

Since you persist the data, in every request that is not POST or doesn't include the signed_request, check your persistency choice for the data, and use it.

There should be only two times where Facebook sends you the request: the first is the POST when your canvas is loaded, the 2nd is when the user returns from the authentication dialog, in which you either get the code parameter or an error in case the user declined the authentication. Other requests should be from your app (inside the iframe) into the app servers.
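
The flow the answer describes, as an added Python example (not code from the original post or from Facebook): verify the `signed_request` once on the canvas POST, persist the user in the session, and serve later in-iframe requests from that session. The app secret, the `handle_request` and `make_signed_request` helpers, the session dict and the sample payload are constructed for illustration; the `signature.payload` base64url layout signed with HMAC-SHA256 under the app secret is Facebook's documented signed_request format.

```python
import base64, hashlib, hmac, json

APP_SECRET = b"constructed-app-secret"  # placeholder, not a real secret

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def verify_signed_request(signed_request, secret=APP_SECRET):
    """Return the decoded payload dict, or None if it does not verify."""
    try:
        sig_b64, payload_b64 = signed_request.split(".", 1)
        sig = _b64url_decode(sig_b64)
        payload = json.loads(_b64url_decode(payload_b64))
    except (ValueError, AttributeError):
        return None  # malformed input is treated as unauthenticated
    if not isinstance(payload, dict):
        return None
    if str(payload.get("algorithm", "")).upper() != "HMAC-SHA256":
        return None  # never accept an algorithm chosen by the sender
    expected = hmac.new(secret, payload_b64.encode(), hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    return payload if hmac.compare_digest(sig, expected) else None

def handle_request(method, form, session):
    """Hypothetical handler: returns (status, user_id) for one request."""
    if method == "POST" and "signed_request" in form:
        payload = verify_signed_request(form["signed_request"])
        if payload is None:
            return ("rejected", None)
        if "user_id" not in payload:
            return ("needs_auth", None)  # send the user to the auth dialog
        session["user_id"] = payload["user_id"]
        session["oauth_token"] = payload.get("oauth_token")
        return ("ok", payload["user_id"])
    # In-iframe navigation: no signed_request, so rely on persisted data.
    if "user_id" in session:
        return ("ok", session["user_id"])
    return ("needs_auth", None)

def make_signed_request(payload, secret=APP_SECRET):
    """Build a constructed sample in the same layout, for testing only."""
    body = base64.urlsafe_b64encode(json.dumps(payload).encode()).rstrip(b"=")
    mac = hmac.new(secret, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(mac).rstrip(b"=") + b"." + body).decode()
```

Because identity is only established on the signed POST, everything afterwards depends on the session store being bound to that user server-side; a request without a valid session must fall back to `needs_auth` rather than trusting any user id sent by the client.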
