问题
I'm running a meteor app, which I just deployed to production with Meteor up. Now I have a mismatch when I try to login using a Oauth service between example.com and www.example.com. In my fb-app I use the www address. So if I go to example.com and try to login, I get an error in console about same-origin-policy.
I'm using the browserpolicy package for Meteor. In which I added both non-www and www inside BrowserPolicy.content.allowOriginForAll(origin);
What's the correct fix for this? Can I somehow add 2 url's to my fb-app or should I use a wildcard? Should I redirect all traffic to www.example.com? Or is there a different/more correct solution for this?
来源:https://stackoverflow.com/questions/31499198/www-and-non-www-mismatch-security-issue-with-oauth-fb-tw-and-browser-policy-pack