If you are using a page tab on facebook, you can connect other websites inside the iframe. I want to get the url of facebook within the facebook page. when I am trying to get window.location.url, it shows my website url, how to do it in facebook page to get facebook url
You can't. Your Facebook application exists within an iframe, which cannot access the parent window on facebook.com due to same-origin restrictions in all major browsers. It is effectively sandboxed.
However, the Facebook signed request will include the ID of the Facebook Page your tab is being accessed on.
Related
I'm trying to handle reauthentication using a different Authorisation website, while within a Single Page Application (SPA) in my home website. Both websites are internal to a client site.
I can't use the standard "redirect" method as I'll lose my SPA JavaScript context.
I've investigated and had CORS setup on the Auth website so it's now returning Access-Control-Allow-Origin: https://www.mywebsite.com. When I try to load the Auth page into a JQuery UI dialog it fails as the scripts all try to load in the context of the Home website.
i.e.
From my website https://www.mywebsite.com/static/
I'm loading https://www.auth.com/login.html.
When loaded into a JQuery UI dialog it tries to load it's scripts as https://www.mywebsite.com/static/scripts/authscript.js
instead of
https://www.auth.com/scripts/authscript.js
I also tried loading the Auth page into an iframe by changing the src tag but it just reloaded the page.
Is there a way to change the Source directory in the context of the CORS web page I'm trying to show?
So I couldn't get the page to load correctly into a standard jQuery Modal dialog and I have no control over the Auth page I was connecting to. To solve this I investigated the problem I was having with the iframe and used an HTML5 feature sandbox to fix it.
The Auth page was using a "break out" script to reload the page if it was loaded into an iframe and obviously this broke my SPA context. HTML5 allows you to restrict the contents of an iframe.
<iframe src="" id="my_auth" sandbox="allow-forms allow-scripts allow-same-origin"></iframe>
allow-forms Allow form and submit
allow-scripts let it run JavaScript
allow-same-origin let it consider the Origin the same as the script (i.e. the Auth website), this was necessary to enable cookies
Of note is that I am not including allow-top-navigation which is what was allowing the reload of the page and loss of my JavaScript context
VoilĂ , auth page displayed inside a jQuery modal dialog (containing the iframe) with no need to pop up another window.
CORS was necessary to allow the redirect to the Auth website (which happens in the browser before JavaScript gets involved). You could also trap the "Access-control-allow-origin" exception instead.
The iframe with the Siteminder login was accessing a page from my site that set a value in localStorage once the user had logged in. The app just polled localStorage in the background to see if the user had logged in successfully.
Hope this is useful to someone.
After I installed the iframehost app and edited content. The app how to know my page id and render the content successfully. I want to make an app such as it.
My problem is: Assume many users installed my App for their page, but I don't know how to get the page id from different Iframe for each request the page. Please, who can explain how to get page id from iframe when users enter the Facebook page tab.
You can get the Page ID with the signed_request parameter. Here are some threads where this is explained already:
Facebook API get Fanpage ID inside Page Tab
Get Facebook Page Tab ID of current Tab?
how to get facebook page id inside page fan tab using facebook javascript sdk
How can I find out what Page has installed my Facebook App / which page is loading my app
I'm writing an app. for Facebook using HTML and Javascript. I'm trying to detect with javascript when the "Like" button on the Facebook page is clicked. I don't want to embed a "Like" button on my app page as Facebook already has a "Like" button at the top of the page right after my company's name.
I'm using Facebook's iFrame to display my app, but I haven't found any examples in Javascript to catch the "Like" click event.
Thanks for any help
Because it is in an Iframe the same origin policy applies. You cannot access content cross-domain. It is a security violation.
On Facebook Pages, this is done through the Static FBML app. However, Facebook phased it out on 18 March 2011, but pages using the app before that date (including BobbiBrown) will continue using it.
My site is built on the zend framework. I have a link on my site that opens an iframe in order for a user to post to twitter. I can load the iframe just fine, but if the user has not yet authorized twitter, the iframe redirects to the twitter authorization page, and then back to my site.
When I test the flow by hitting the page directly that loads into the iframe, everything works fine. However, within the iframe, the redirects do not load, so the iframe is simply a blank page.
My redirect from within the page loaded in the iframe looks like this:
return $this->_helper->redirector->gotoUrl("http://twitter.com/oauth/authorize?oauth_token={$session->token}");
The reason, twitter has disabled this, is that you can't see the address bar in an iframe. So web apps could do easy fishing: telling the user to input his/her twitter user/passw into a form which just looks like the twitter sign in form, but is in fact hosted on the fishing server.
I have modal popup of external site using jquery
The external site is a login
After completion of the login the modal window will redirect to a site.
I want to:
i) identify when the modal has redirected (login complete)
ii) capture the modal url to acquire parameters from the url.
How do i do this in jquery methods & javascript
If it's an external site, you can't, due to the Same Origin Policy. You can't sneak a look into other sites' documents, even if you opened them in a modalDialog or in-page iframe. It would be a security hole if you could steal parameters from the URL.
You can't repurpose another site's login process for your own ends unless that site deliberately exposes an interface to let you do it.