Chrome for OS X上的“客户端身份验证示例”不起作用(error = unknown_user)

时间:2012-03-22 16:16:51

标签: facebook macos google-chrome facebook-javascript-sdk facebook-login

原帖:

我正在尝试使用"客户端身份验证和Javascript SDK"在Chrome for OS X上(17.0.963.83)。代码直接从Facebook示例中复制(更新了YOUR_APP_ID):

<!DOCTYPE html>
<html>
  <head>
    <title>Facebook Client-side Authentication Example</title>
  </head>
  <body>
    <div id="fb-root"></div>
    <script>
      // Load the SDK Asynchronously
      (function(d){
         var js, id = 'facebook-jssdk', ref = d.getElementsByTagName('script')[0];
         if (d.getElementById(id)) {return;}
         js = d.createElement('script'); js.id = id; js.async = true;
         js.src = "//connect.facebook.net/en_US/all.js";
         ref.parentNode.insertBefore(js, ref);
       }(document));

      // Init the SDK upon load
      window.fbAsyncInit = function() {
        FB.init({
          appId      : 'YOUR_APP_ID', // App ID
          channelUrl : '//'+window.location.hostname+'/channel', // Path to your Channel File
          status     : true, // check login status
          cookie     : true, // enable cookies to allow the server to access the session
          xfbml      : true  // parse XFBML
        });

        // listen for and handle auth.statusChange events
        FB.Event.subscribe('auth.statusChange', function(response) {
          if (response.authResponse) {
            // user has auth'd your app and is logged into Facebook
            FB.api('/me', function(me){
              if (me.name) {
                document.getElementById('auth-displayname').innerHTML = me.name;
              }
            })
            document.getElementById('auth-loggedout').style.display = 'none';
            document.getElementById('auth-loggedin').style.display = 'block';
          } else {
            // user has not auth'd your app, or is not logged into Facebook
            document.getElementById('auth-loggedout').style.display = 'block';
            document.getElementById('auth-loggedin').style.display = 'none';
          }
        });

        // respond to clicks on the login and logout links
        document.getElementById('auth-loginlink').addEventListener('click', function(){
          FB.login();
        });
        document.getElementById('auth-logoutlink').addEventListener('click', function(){
          FB.logout();
        }); 
      } 
    </script>

    <h1>Facebook Client-side Authentication Example</h1>
      <div id="auth-status">
        <div id="auth-loggedout">
          <a href="#" id="auth-loginlink">Login</a>
        </div>
        <div id="auth-loggedin" style="display:none">
          Hi, <span id="auth-displayname"></span>  
        (<a href="#" id="auth-logoutlink">logout</a>)
      </div>
    </div>

  </body>
</html>

当我点击&#34;登录&#34;时,会出现Facebook弹出窗口。我点击&#34;使用Facebook登录&#34;,弹出窗口消失,&#34; auth-loggedin&#34; div与我的姓名和注销链接一起出现。但是,当我刷新页面时,页面将失去其Facebook授权状态并返回到已注销状态。

预期的行为是页面保持登录状态。

使用控制台,我注意到fbsr cookie暂时出现,并在刷新页面后消失。此外,控制台中捕获以下错误:

  

不安全的JavaScript尝试使用URL访问框架https://s-static.ak.fbcdn.net/connect/xd_proxy.php#cb=f16adb7b1c&origin=http%3A%2F%2F[BASE DOMAIN]%2Ff22295b918&amp; ;关系=开启者&amp; transport = postmessage&amp; frame = f3e8d40458&amp; access_token = [ACCESS TOKEN]&amp; expires_in = 4221&amp; signed_request = [SIGNED REQUEST]&amp; base_domain = [BASE DOMAIN]来自带有URL [MY CODE URL]#的帧。域,协议和端口必须匹配。

我确保频道文件可用,并且无法在OS X上的Firefox或Safari或Windows上的IE,Firefox或Chrome上重现此错误。有任何想法吗?我可以使用服务器端身份验证来解决这个问题,但如果可能的话,我更喜欢使用客户端。

第一次编辑:进一步测试

所以我现在认为&#34;不安全的JavaScript&#34;错误是红鲱鱼。我正在使用频道文件,但它在Firefox或Chrome中都没有被点击。

查看Firefox与Chrome上的网络流量,当首次加载页面时,假设我已在两个浏览器上登录Facebook,我看到正在处理以下请求:

火狐

  • [facebook url] / dialog / oauth?api_key = [app_id]&amp; app_id = [app_id]&amp; channel_url = https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy .PHP%23CB%3Df24509714bbf8d%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ff193ade24ab412%26relation%3Dparent.parent%26transport%3Dpostmessage&安培; CLIENT_ID = [APP_ID]&安培;显示=无&安培;域= [BASE_DOMAIN]&安培;区域设置= EN_US&安培;来源= 1&安培; REDIRECT_URI = HTTPS%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df2b6c8dce7b8936%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ff193ade24ab412 %26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22112636bf762a&安培; RESPONSE_TYPE =记号%2Csigned_request%2Ccode&安培; SDK =乔伊

  • [ssl facebook url] / dialog / oauth?api_key = [app_id]&amp; app_id = [app_id]&amp; channel_url = https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect% 2Fxd_proxy.php%23CB%3Df24509714bbf8d%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ff193ade24ab412%26relation%3Dparent.parent%26transport%3Dpostmessage&安培; CLIENT_ID = [APP_ID]&安培;显示=无&安培;域= [BASE_DOMAIN]&安培;语言环境= EN_US&安培;来源= 1&安培; REDIRECT_URI = HTTPS%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df2b6c8dce7b8936%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]% 252Ff193ade24ab412%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df22112636bf762a&安培; RESPONSE_TYPE =记号%2Csigned_request%2Ccode&安培; SDK =乔伊

  • [ssl fbcdn url] /connect/xd_proxy.php#cb=f2b6c8dce7b8936&origin=http%3A%2F%2F[base_domain]%2Ff193ade24ab412&relation=parent&transport=postmessage&frame=f22112636bf762a&code = 2.AQBMIMy0rSFAnqaA.3600.1332514800.1-5322361%7CU-RUi4ON2SbzfzzDT03CTeT-DGQ&安培; signed_request = [signed_request]&安培; =的access_token [的access_token]&安培; expires_in = 4302&安培; BASE_DOMAIN = [BASE_DOMAIN]&安培; HTTPS = 1

    < / LI>

  • [facebook url] /dialog/oauth?api_key=[app_id]&app_id=[app_id]&channel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy .PHP%23CB%3Df1b2a93294%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ffdca87bc8%26relation%3Dparent.parent%26transport%3Dpostmessage&安培; CLIENT_ID = [APP_ID]&安培;显示=无&安培;域= [BASE_DOMAIN]&安培;区域设置= EN_US&安培;来源= 1&安培; REDIRECT_URI = HTTPS%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%23CB%3Df14d4dd364%26origin%3Dhttp%253A%252F%252F [BASE_DOMAIN]%252Ffdca87bc8 %26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df230336ee8&安培; RESPONSE_TYPE =记号%2Csigned_request%2Ccode&安培; SDK =乔伊

  • [ssl fbcdn url] /connect/xd_proxy.php#cb=f14d4dd364&origin=http%3A%2F%2F[base_domain]%2Ffdca87bc8&relation=parent&transport=postmessage&frame=f230336ee8&error = unknown_user

我想这是因为Chrome没有设置fbsr cookie;这是一个很长的路引导我回到我原来的问题。为什么Chrome没有设置fbsr cookie(并且,它是否与&#34;不安全的JavaScript尝试访问带有URL&#34的帧;因为那是在hash中发送signed_request值?)< / p>

毕竟,我和bug一起去了。除非有人有更好的主意!

1 个答案:

答案 0 :(得分:3)

报告为错误

https://developers.facebook.com/bugs/290064861064054

该问题似乎与Chrome设置有关。具体来说,浏览器设置为拒绝第三方cookie。一旦我允许第三方cookie,就设置了fbsr_x cookie并且登录状态在重新加载时保持不变。我不确定为什么Chrome会将此视为第三方Cookie,但我确认这种行为在各个平台上都是一致的,而不仅仅是OS X.