问题
I'm developing a web application in NodeJS and AngularJS, that is a PageTab application to facebook.
For the login I'm using the library Passport-facebook.
My middleware is:
passport.authenticate('facebook', {
display: 'popup',
scope: ['read_stream', 'publish_actions', 'email', 'user_photos']
})
The application works if i'm outside the tab of facebook, but when I try into facebook tab, I get an error:
[Error] Refused to display'Http....'in a frame because it set 'X-Frame-Options' to 'DENY'. (login, line 0)
[Error] SecurityError: DOM Exception 18: An attempt was made to break through the security policy of the user agent.
Because facebook permission dialog can't be launched from an iFrame
What can I do to fix, keeping the session management with passport strategy?
回答1:
At the end what I did:
- When user is not logged in, instead of res.redirect("/auth/facebook"); I did res.render("authorize");
- in the
authorize.htmlpage I havewindow.top.location = window.location + "auth/facebook"; - an instead of
Passport.authenticate("facebook", { successRedirect: "/", failureRedirect: "/login" } )I didPassport.authenticate("facebook", { successRedirect: appHomePage, failureRedirect: appHomePage } )withappHomePageset to the absolute URL of the facebook app (e.g.https://apps.facebook.com/8480657996/
Note that it is useful to use environment vars to aviod hard coding the app home page in your app
来源:https://stackoverflow.com/questions/26021090/node-passport-facebook-login-in-facebook-page-tab-application