我正在尝试使用"客户端身份验证和Javascript SDK"在Chrome for OS X上(17.0.963.83)。代码直接从Facebook示例中复制(更新了YOUR_APP_ID):
<!DOCTYPE html>
<html>
<head>
<title>Facebook Client-side Authentication Example</title>
</head>
<body>
<div id="fb-root"></div>
<script>
// Load the SDK Asynchronously
(function(d){
var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
if (d.getElementById(id)) {return;}
js = d.createElement('script'); js.id = id; js.async = true;
js.src = "//connect.facebook.net/en_US/all.js";
ref.parentNode.insertBefore(js, ref);
}(document));
// Init the SDK upon load
window.fbAsyncInit = function() {
FB.init({
appId : 'YOUR_APP_ID', // App ID
channelUrl : '//'+window.location.hostname+'/channel', // Path to your Channel File
status : true, // check login status
cookie : true, // enable cookies to allow the server to access the session
xfbml : true // parse XFBML
});
// listen for and handle auth.statusChange events
FB.Event.subscribe('auth.statusChange', function(response) {
if (response.authResponse) {
// user has auth'd your app and is logged into Facebook
FB.api('/me', function(me){
if (me.name) {
document.getElementById('auth-displayname').innerHTML = me.name;
}
})
document.getElementById('auth-loggedout').style.display = 'none';
document.getElementById('auth-loggedin').style.display = 'block';
} else {
// user has not auth'd your app, or is not logged into Facebook
document.getElementById('auth-loggedout').style.display = 'block';
document.getElementById('auth-loggedin').style.display = 'none';
}
});
// respond to clicks on the login and logout links
document.getElementById('auth-loginlink').addEventListener('click', function(){
FB.login();
});
document.getElementById('auth-logoutlink').addEventListener('click', function(){
FB.logout();
});
}
</script>
<h1>Facebook Client-side Authentication Example</h1>
<div id="auth-status">
<div id="auth-loggedout">
<a href="#" id="auth-loginlink">Login</a>
</div>
<div id="auth-loggedin" style="display:none">
Hi, <span id="auth-displayname"></span>
(<a href="#" id="auth-logoutlink">logout</a>)
</div>
</div>
</body>
</html>
当我点击&#34;登录&#34;时,会出现Facebook弹出窗口。我点击&#34;使用Facebook登录&#34;,弹出窗口消失,&#34; auth-loggedin&#34; div与我的姓名和注销链接一起出现。但是,当我刷新页面时,页面将失去其Facebook授权状态并返回到已注销状态。
预期的行为是页面保持登录状态。
使用控制台,我注意到fbsr cookie暂时出现,并在刷新页面后消失。此外,控制台中捕获以下错误:
不安全的JavaScript尝试使用URL访问框架https://s-static.ak.fbcdn.net/connect/xd_proxy.php#cb=f16adb7b1c&origin=http%3A%2F%2F[BASE DOMAIN]%2Ff22295b918&amp; ;关系=开启者&amp; transport = postmessage&amp; frame = f3e8d40458&amp; access_token = [ACCESS TOKEN]&amp; expires_in = 4221&amp; signed_request = [SIGNED REQUEST]&amp; base_domain = [BASE DOMAIN]来自带有URL [MY CODE URL]#的帧。域,协议和端口必须匹配。
我确保频道文件可用,并且无法在OS X上的Firefox或Safari或Windows上的IE,Firefox或Chrome上重现此错误。有任何想法吗?我可以使用服务器端身份验证来解决这个问题,但如果可能的话,我更喜欢使用客户端。
所以我现在认为&#34;不安全的JavaScript&#34;错误是红鲱鱼。我正在使用频道文件,但它在Firefox或Chrome中都没有被点击。
查看Firefox与Chrome上的网络流量,当首次加载页面时,假设我已在两个浏览器上登录Facebook,我看到正在处理以下请求:
火狐
[facebook url] / dialog / oauth?api_key = [app_id]&amp; app_id = [app_id]&amp; channel_url = https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy .PHP%23CB%3Df24509714bbf8d%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ff193ade24ab412%26relation%3Dparent.parent%26transport%3Dpostmessage&安培; CLIENT_ID = [APP_ID]&安培;显示=无&安培;域= [BASE_DOMAIN]&安培;区域设置= EN_US&安培;来源= 1&安培; REDIRECT_URI = HTTPS%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df2b6c8dce7b8936%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ff193ade24ab412 %26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22112636bf762a&安培; RESPONSE_TYPE =记号%2Csigned_request%2Ccode&安培; SDK =乔伊
[ssl facebook url] / dialog / oauth?api_key = [app_id]&amp; app_id = [app_id]&amp; channel_url = https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect% 2Fxd_proxy.php%23CB%3Df24509714bbf8d%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ff193ade24ab412%26relation%3Dparent.parent%26transport%3Dpostmessage&安培; CLIENT_ID = [APP_ID]&安培;显示=无&安培;域= [BASE_DOMAIN]&安培;语言环境= EN_US&安培;来源= 1&安培; REDIRECT_URI = HTTPS%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df2b6c8dce7b8936%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]% 252Ff193ade24ab412%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22112636bf762a&安培; RESPONSE_TYPE =记号%2Csigned_request%2Ccode&安培; SDK =乔伊
[ssl fbcdn url] /connect/xd_proxy.php#cb=f2b6c8dce7b8936&origin=http%3A%2F%2F[base_domain]%2Ff193ade24ab412&relation=parent&transport=postmessage&frame=f22112636bf762a&code = 2.AQBMIMy0rSFAnqaA.3600.1332514800.1-5322361%7CU-RUi4ON2SbzfzzDT03CTeT-DGQ&安培; signed_request = [signed_request]&安培; =的access_token [的access_token]&安培; expires_in = 4302&安培; BASE_DOMAIN = [BASE_DOMAIN]&安培; HTTPS = 1
< / LI>铬
[facebook url] /dialog/oauth?api_key=[app_id]&app_id=[app_id]&channel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy .PHP%23CB%3Df1b2a93294%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ffdca87bc8%26relation%3Dparent.parent%26transport%3Dpostmessage&安培; CLIENT_ID = [APP_ID]&安培;显示=无&安培;域= [BASE_DOMAIN]&安培;区域设置= EN_US&安培;来源= 1&安培; REDIRECT_URI = HTTPS%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df14d4dd364%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ffdca87bc8 %26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df230336ee8&安培; RESPONSE_TYPE =记号%2Csigned_request%2Ccode&安培; SDK =乔伊
[ssl fbcdn url] /connect/xd_proxy.php#cb=f14d4dd364&origin=http%3A%2F%2F[base_domain]%2Ffdca87bc8&relation=parent&transport=postmessage&frame=f230336ee8&error = unknown_user
我想这是因为Chrome没有设置fbsr cookie;这是一个很长的路引导我回到我原来的问题。为什么Chrome没有设置fbsr cookie(并且,它是否与&#34;不安全的JavaScript尝试访问带有URL&#34的帧;因为那是在hash中发送signed_request值?)< / p>
毕竟,我和bug一起去了。除非有人有更好的主意!
答案 0 :(得分:3)
见https://developers.facebook.com/bugs/290064861064054
该问题似乎与Chrome设置有关。具体来说,浏览器设置为拒绝第三方cookie。一旦我允许第三方cookie,就设置了fbsr_x cookie并且登录状态在重新加载时保持不变。我不确定为什么Chrome会将此视为第三方Cookie,但我确认这种行为在各个平台上都是一致的,而不仅仅是OS X.