I have an app on my server which redirects to Facebook and thus displays the browser version of the Facebook Login page.
However, since I'll be accessing this through a mobile device, I'll want it to display the mobile version of the Facebook login page.
Is it possible to use the header() function or is there a way to change the user-agent on my host before it redirects to Facebook? So that Facebook will think the request is coming from a mobile device and thus render the mobile version.
I have already tried to use JavaScript and tried spoofing the header command; unfortunately these didn't work.
Thank you.
ini_set('user_agent', 'MyBrowser v42.0.4711');
Your server cannot affect the remote browser's configuration. The only place where you could change the user agent is if you were proxying the browser's requests to facebook, as it'd be your server connecting to FB, not the client.
Try redirecting to m.facebook.com instead. That displays a minimal "mobile" version.
Related
I am using an android WebView to load a company page which requires a certain cookie.
Part of this page are several images which are generated via PHP script. This script is on the same site and also requires the same cookie.
I use the CookieSyncManager and CookieManager but I don't know how to prove that the correct cookies are used.
My problem is that the pictures are not shown. When I try to access the pictures separately I get a redirect to the login page ( which is standard for not authenticated requests )
Any ideas?
If you try on Android 4.4, you can use Dev Tools to inspect the network requests and check for the cookie. Prior to 4.4, you could try using tcpdump/wireshark to look at the requests. Alternatively, can you have the server log the cookies that are sent with the request and inspect them that way?
Im trying to use the facebook login from https://github.com/facebook/facebook-php-sdk
It works fine over HTTP but fails to login over HTTPS, The app page lists the login page as https://my.url.com
Both pages have a get redirect with code and state, which are the same length for the working and non working URL.
I would prefer to use https for all login pages.
By Doesnt work I mean after a successful login the token is appid|appsecret and the user returns ID of 0 instead of the actual user id which has just completed the login
Found the issue to be the Redirect URL. Code was being used from http://webcheatsheet.com/php/get_current_page_url.php
which puts the port :443 on the url. During the redirect the facebook info gets "lost"
Changing their code to allow for this fixes the problem. though with or without the :443 its still a valid URL and should really work
Have you considered using the HybridAuth library? I've always had it dump me into https on Facebook
The :443 is what tells the browser to connect over HTTPS, the default port for HTTP is 80 and 443 for HTTPS.
Perhaps the issue is something to do with Facebook having cached your domain as port 80
You can clear facebook's cache of your site, and troubleshoot other URL related problems with their official URL debugger https://developers.facebook.com/tools/debug/
When the Facebook session expires with my App, I have to use the Javascript SDK to create a new session. This is hugely annoying as it appears to the user that they are logged out occasionally as I do most of the detection server side. And then, when they reload the page and the javascript has executed, the session is recreated.
I am aware that I can fix this quite simply by using javascript to show a message saying 'please reload the page' (much like StackOverflow), however, I do not want my users to have to do this. I accept that the PHP SDK cannot do it, but is there any sort of hack I can do to achieve it myself using PHP instead of Javascript?
Can anyone explain why the PHP cannot do this?
PHP is running on your server, which has nothing to do with Facebook's servers. Remember that cookies are locked to the originating domain. The cookie will appear to have been set by YOUR server, and have an originating domain of "yoursite.com", not "facebook.com".
JS, on the other hand, runs on the client, and any requests made to Facebook's servers will also obey any cookies set by the Facebook servers.
I have a PHP page (which is displayed through a mobile/android browser) - however, when accessing a link to an external site - it automatically redirects to the mobile version.
I want the link to take user to the desktop version of the webpage even when accessed through a mobile browser.
Is there a way i can specify useragent/or any other setting in my PHP page code to acheive this? Thanks.
Spoofing the user agent string will be a challenge, as it requires you to control the behavior of the browser. You might be able to do it with JavaScript or something, but I doubt it.
If it's just one site, you may wish to take a look at how they're handling redirection of mobile devices. Often, sites will provide mechanisms for overriding the redirect script.
For example, sites using the UC Mobile Web Framework (http://mwf.ucla.edu/) allows you to override their redirect script with a query string parameter. The UCSF Library (http://library.ucsf.edu/) is using that framework for mobile redirects. If you are on a mobile device and go to http://library.ucsf.edu/ then you will be redirected to the mobile version of the site. However, if you go to http://library.ucsf.edu/?ovrrdr=1 then you will get the desktop version.
What you are describing, no. You do not have control of an external site therefore you cannot control what is being served.
I have created two Facebook canvas apps. I am having problems with people accessing the apps. In the app settings you must enter:
Canvas URL
Secure Canvas URL
Secure Canvas URL wont accept HTTP links but only HTTPS. When some of my users go to my app link like http://apps.facebook.com/my_app Facebook automatically redirects them to https://...
Canvas app content is loaded from my server which is only accessible via HTTP. The users which are redirected to https://apps.facebook.com/my_app then can not load my app since Facebook canvas wants to load content from my server via HTTPS. How do I solve this, without enabling SSL on mu server?
And not all users are redirected to https://apps.fa...? How is this handled?
I have come up with an interesting hack for this problem.
You can create a HTML file that is accessible over HTTPS that just redirects to your webpage. For example, you can use dropbox. Since Facebook loads your secure canvas URL page in an iframe, your code needs to redirect the top page. Something like this.
<html>
<head>
<script>
function onLoad() {
window.top.location.href="<your website>";
}
</script>
</head>
<body onload="onLoad()">
<p>Please wait while you are being redirected to <your website name>…</p>
</body>
</html>
And provide this link as the secure canvas URL. I blogged about this in more detail - http://blog.almabase.com/post/84579042935/interesting-hack-for-facebook-secure-canvas-url
Basically, you must provide https support. At the moment, you can still leave the Secure Canvas URL field empty to avoid doing so, but it will be required starting October 1st.
Facebook users that have explicitly said they want to use HTTPS in their account settings get redirected to HTTPS. Your application has to support HTTPS by October 1st, as announced by Facebook here: https://developers.facebook.com/blog/post/497
Without enabling SSL on your server, you could try social-server.com
However, this is only a quick workaround. Your users might get nasty security messages from their browsers while using https.
The best solution is to buy a SSL certificate if you still want to develop Facebook apps.