Facebook SDK FB.GetLoginStatus Load denied by X-Frame-Options (Firefox Only)












3















I have this web application login page that calls FB.GetLoginStatus() from the Facebook JavaScript SDK after the document is done loading. This worked perfectly fine on all browsers (mobile included) and that was the happily ever after.



BUT, one day, out of plain nowhere, I notice that the SDK is failing to get the login status data of the Facebook user when the page is done loading. I take a look in the console and I see something around the lines of




Load denied by X-Frame-Options [massive link generated by the SDK]
does not permit framing.




Here's what bugs me: this works perfectly fine in Safari. I was introduced to the error when I opened the web app on Chrome (same error as quoted above, slightly different wording). I tried on Firefox and got the same thing. I spent a few hours trying to find a cause but failed and went to sleep.



I wake up the next day and miraculously it's now working on Chrome (?) without me having done any changes (?!). But, for some reason, the error persists only in Firefox now.



Does anyone have a clue what this might be? Something that Firefox does differently that Safari and Chrome don't?



A clue here is that I'm using a tunneling service (ngrok) and I don't have a signed certificate for it, thus I get the casual (you're entering an 'unsafe' website, blah blah blah). Perhaps Firefox is blocking the SDK because the connection is not secure?



Any insight on this would be marvelous. Thanks 🙂






javascript facebook firefox runtime-error facebook-javascript-sdk







share|improve this question























  • did you check out open bugs? if something suddently does not work anymore, there´s usually a bug, or facebook changed something. btw, you should add the relevant code, that´s very important. but you may be right about the certification issue, browsers handle this in a different way.

    – luschn
    Nov 15 '18 at 8:25













  • Hi @luschn, yeah searched through open bugs and here on StackOverflow as well. Either the question was several years back or the bug closed. Going to try some random configurations and see if I can poke the bear, but so far this seems very odd.

    – Daniel
    Nov 15 '18 at 13:28


















3















I have this web application login page that calls FB.GetLoginStatus() from the Facebook JavaScript SDK after the document is done loading. This worked perfectly fine on all browsers (mobile included) and that was the happily ever after.



BUT, one day, out of plain nowhere, I notice that the SDK is failing to get the login status data of the Facebook user when the page is done loading. I take a look in the console and I see something around the lines of




Load denied by X-Frame-Options [massive link generated by the SDK]
does not permit framing.




Here's what bugs me: this works perfectly fine in Safari. I was introduced to the error when I opened the web app on Chrome (same error as quoted above, slightly different wording). I tried on Firefox and got the same thing. I spent a few hours trying to find a cause but failed and went to sleep.



I wake up the next day and miraculously it's now working on Chrome (?) without me having done any changes (?!). But, for some reason, the error persists only in Firefox now.



Does anyone have a clue what this might be? Something that Firefox does differently that Safari and Chrome don't?



A clue here is that I'm using a tunneling service (ngrok) and I don't have a signed certificate for it, thus I get the casual (you're entering an 'unsafe' website, blah blah blah). Perhaps Firefox is blocking the SDK because the connection is not secure?



Any insight on this would be marvelous. Thanks 🙂






javascript facebook firefox runtime-error facebook-javascript-sdk







share|improve this question























  • did you check out open bugs? if something suddently does not work anymore, there´s usually a bug, or facebook changed something. btw, you should add the relevant code, that´s very important. but you may be right about the certification issue, browsers handle this in a different way.

    – luschn
    Nov 15 '18 at 8:25













  • Hi @luschn, yeah searched through open bugs and here on StackOverflow as well. Either the question was several years back or the bug closed. Going to try some random configurations and see if I can poke the bear, but so far this seems very odd.

    – Daniel
    Nov 15 '18 at 13:28
















3












3








3








I have this web application login page that calls FB.GetLoginStatus() from the Facebook JavaScript SDK after the document is done loading. This worked perfectly fine on all browsers (mobile included) and that was the happily ever after.



BUT, one day, out of plain nowhere, I notice that the SDK is failing to get the login status data of the Facebook user when the page is done loading. I take a look in the console and I see something around the lines of




Load denied by X-Frame-Options [massive link generated by the SDK]
does not permit framing.




Here's what bugs me: this works perfectly fine in Safari. I was introduced to the error when I opened the web app on Chrome (same error as quoted above, slightly different wording). I tried on Firefox and got the same thing. I spent a few hours trying to find a cause but failed and went to sleep.



I wake up the next day and miraculously it's now working on Chrome (?) without me having done any changes (?!). But, for some reason, the error persists only in Firefox now.



Does anyone have a clue what this might be? Something that Firefox does differently that Safari and Chrome don't?



A clue here is that I'm using a tunneling service (ngrok) and I don't have a signed certificate for it, thus I get the casual (you're entering an 'unsafe' website, blah blah blah). Perhaps Firefox is blocking the SDK because the connection is not secure?



Any insight on this would be marvelous. Thanks 🙂






javascript facebook firefox runtime-error facebook-javascript-sdk







share|improve this question














I have this web application login page that calls FB.GetLoginStatus() from the Facebook JavaScript SDK after the document is done loading. This worked perfectly fine on all browsers (mobile included) and that was the happily ever after.



BUT, one day, out of plain nowhere, I notice that the SDK is failing to get the login status data of the Facebook user when the page is done loading. I take a look in the console and I see something around the lines of




Load denied by X-Frame-Options [massive link generated by the SDK]
does not permit framing.




Here's what bugs me: this works perfectly fine in Safari. I was introduced to the error when I opened the web app on Chrome (same error as quoted above, slightly different wording). I tried on Firefox and got the same thing. I spent a few hours trying to find a cause but failed and went to sleep.



I wake up the next day and miraculously it's now working on Chrome (?) without me having done any changes (?!). But, for some reason, the error persists only in Firefox now.



Does anyone have a clue what this might be? Something that Firefox does differently that Safari and Chrome don't?



A clue here is that I'm using a tunneling service (ngrok) and I don't have a signed certificate for it, thus I get the casual (you're entering an 'unsafe' website, blah blah blah). Perhaps Firefox is blocking the SDK because the connection is not secure?



Any insight on this would be marvelous. Thanks 🙂






javascript facebook firefox runtime-error facebook-javascript-sdk




javascript facebook firefox runtime-error facebook-javascript-sdk






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Nov 15 '18 at 3:24









DanielDaniel

515




515













  • did you check out open bugs? if something suddently does not work anymore, there´s usually a bug, or facebook changed something. btw, you should add the relevant code, that´s very important. but you may be right about the certification issue, browsers handle this in a different way.

    – luschn
    Nov 15 '18 at 8:25













  • Hi @luschn, yeah searched through open bugs and here on StackOverflow as well. Either the question was several years back or the bug closed. Going to try some random configurations and see if I can poke the bear, but so far this seems very odd.

    – Daniel
    Nov 15 '18 at 13:28





















  • did you check out open bugs? if something suddently does not work anymore, there´s usually a bug, or facebook changed something. btw, you should add the relevant code, that´s very important. but you may be right about the certification issue, browsers handle this in a different way.

    – luschn
    Nov 15 '18 at 8:25













  • Hi @luschn, yeah searched through open bugs and here on StackOverflow as well. Either the question was several years back or the bug closed. Going to try some random configurations and see if I can poke the bear, but so far this seems very odd.

    – Daniel
    Nov 15 '18 at 13:28



















did you check out open bugs? if something suddently does not work anymore, there´s usually a bug, or facebook changed something. btw, you should add the relevant code, that´s very important. but you may be right about the certification issue, browsers handle this in a different way.

– luschn
Nov 15 '18 at 8:25







did you check out open bugs? if something suddently does not work anymore, there´s usually a bug, or facebook changed something. btw, you should add the relevant code, that´s very important. but you may be right about the certification issue, browsers handle this in a different way.

– luschn
Nov 15 '18 at 8:25















Hi @luschn, yeah searched through open bugs and here on StackOverflow as well. Either the question was several years back or the bug closed. Going to try some random configurations and see if I can poke the bear, but so far this seems very odd.

– Daniel
Nov 15 '18 at 13:28







Hi @luschn, yeah searched through open bugs and here on StackOverflow as well. Either the question was several years back or the bug closed. Going to try some random configurations and see if I can poke the bear, but so far this seems very odd.

– Daniel
Nov 15 '18 at 13:28














1 Answer
1






active

oldest

votes


















2














OK, after fighting this for a few hours I finally found out what was bothering Firefox: the website site URL field in the app's Facebook Dashboard settings.



The issue wasn't even with ngrok or a missing signed certificate, it was the fact that the website in the settings had the production domain (.app) instead of the ngrok one I'm currently using for development (eu.ngrok.io).



The only reason I managed to pinpoint this back to the dashboard settings is because I have 2 Facebook apps, and the other one was working fine, so I imagined it might be a misconfiguration in the settings that was causing the issue (Facebook has a shitty standard in place for explaining/handling errors — it's like shooting in the dark until you hit something when using their SDK's).



What I don't understand here is why the heck only Firefox seems to have a problem with this setting being misconfigured or why the issue disappeared out of nowhere from one day to the next for Chrome. Anyways, if I managed to help anyone else fix anything similar with this thread than this headache has been worthwhile.



Peace out ✌🏽






share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53311952%2ffacebook-sdk-fb-getloginstatus-load-denied-by-x-frame-options-firefox-only%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    2














    OK, after fighting this for a few hours I finally found out what was bothering Firefox: the website site URL field in the app's Facebook Dashboard settings.



    The issue wasn't even with ngrok or a missing signed certificate, it was the fact that the website in the settings had the production domain (.app) instead of the ngrok one I'm currently using for development (eu.ngrok.io).



    The only reason I managed to pinpoint this back to the dashboard settings is because I have 2 Facebook apps, and the other one was working fine, so I imagined it might be a misconfiguration in the settings that was causing the issue (Facebook has a shitty standard in place for explaining/handling errors — it's like shooting in the dark until you hit something when using their SDK's).



    What I don't understand here is why the heck only Firefox seems to have a problem with this setting being misconfigured or why the issue disappeared out of nowhere from one day to the next for Chrome. Anyways, if I managed to help anyone else fix anything similar with this thread than this headache has been worthwhile.



    Peace out ✌🏽






    share|improve this answer




























      2














      OK, after fighting this for a few hours I finally found out what was bothering Firefox: the website site URL field in the app's Facebook Dashboard settings.



      The issue wasn't even with ngrok or a missing signed certificate, it was the fact that the website in the settings had the production domain (.app) instead of the ngrok one I'm currently using for development (eu.ngrok.io).



      The only reason I managed to pinpoint this back to the dashboard settings is because I have 2 Facebook apps, and the other one was working fine, so I imagined it might be a misconfiguration in the settings that was causing the issue (Facebook has a shitty standard in place for explaining/handling errors — it's like shooting in the dark until you hit something when using their SDK's).



      What I don't understand here is why the heck only Firefox seems to have a problem with this setting being misconfigured or why the issue disappeared out of nowhere from one day to the next for Chrome. Anyways, if I managed to help anyone else fix anything similar with this thread than this headache has been worthwhile.



      Peace out ✌🏽






      share|improve this answer


























        2












        2








        2







        OK, after fighting this for a few hours I finally found out what was bothering Firefox: the website site URL field in the app's Facebook Dashboard settings.



        The issue wasn't even with ngrok or a missing signed certificate, it was the fact that the website in the settings had the production domain (.app) instead of the ngrok one I'm currently using for development (eu.ngrok.io).



        The only reason I managed to pinpoint this back to the dashboard settings is because I have 2 Facebook apps, and the other one was working fine, so I imagined it might be a misconfiguration in the settings that was causing the issue (Facebook has a shitty standard in place for explaining/handling errors — it's like shooting in the dark until you hit something when using their SDK's).



        What I don't understand here is why the heck only Firefox seems to have a problem with this setting being misconfigured or why the issue disappeared out of nowhere from one day to the next for Chrome. Anyways, if I managed to help anyone else fix anything similar with this thread than this headache has been worthwhile.



        Peace out ✌🏽






        share|improve this answer













        OK, after fighting this for a few hours I finally found out what was bothering Firefox: the website site URL field in the app's Facebook Dashboard settings.



        The issue wasn't even with ngrok or a missing signed certificate, it was the fact that the website in the settings had the production domain (.app) instead of the ngrok one I'm currently using for development (eu.ngrok.io).



        The only reason I managed to pinpoint this back to the dashboard settings is because I have 2 Facebook apps, and the other one was working fine, so I imagined it might be a misconfiguration in the settings that was causing the issue (Facebook has a shitty standard in place for explaining/handling errors — it's like shooting in the dark until you hit something when using their SDK's).



        What I don't understand here is why the heck only Firefox seems to have a problem with this setting being misconfigured or why the issue disappeared out of nowhere from one day to the next for Chrome. Anyways, if I managed to help anyone else fix anything similar with this thread than this headache has been worthwhile.



        Peace out ✌🏽







        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Nov 15 '18 at 18:30









        DanielDaniel

        515




        515
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53311952%2ffacebook-sdk-fb-getloginstatus-load-denied-by-x-frame-options-firefox-only%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            -

            Popular posts from this blog

            Florida Star v. B. J. F.

            Image
            Florida Star v. B. J. F. From Wikipedia, the free encyclopedia Jump to navigation Jump to search United States Supreme Court case Florida Star v. B. J. F. Supreme Court of the United States Argued March 21, 1989 Decided June 21, 1989 Full case name The Florida Star v. B. J. F. Citations 491 U.S. 524 ( more ) 109 S. Ct. 2603; 105 L. Ed. 2d 443; 1989 U.S. LEXIS 3120; 57 U.S.L.W. 4816; 16 Media L. Rep. 1801 Prior history The Florida Star v. B.J.F., 530 So.2d 286 (1988) Supreme Court of Florida; Florida Star v. B.J.F., 499 So.2d 883 (1986) Fla. Dist. Court of Appeals Holding Florida Stat. § 794.03 is unconstitutional to the extent it makes the truthful reporting of information that was a matter of public record unlawful, as it violates the First Amendment. Court membership Chief Justice William Rehnquist Associate Justices William J. Brennan Jr.  · Byron White Thurgood Marshall  · Harry Blac
            Read more

            Error while running script in elastic search , gateway timeout

            Image
            0 while running script in elastic search, I got 504 Gateway timeout error. { "query": { "bool": { "filter": { "script": { "script": " doc['creted_date'].date.getMonthOfYear() == 12 " } } } }, "aggs": { "test": { "date_histogram": { "field": "creted_date", "interval": "month", "format": "MMM" }, "aggs": { "cost": { "sum": { "field": "cost" } } }
            Read more

            Adding quotations to stringified JSON object values

            Image
            0 My stringified object data doesn't include quotation marks around object values, which errors when attempting JSON.parse() : '{ "affiliation": CORPORATE, "userId": 75c35d1c-5d12-4485-8fa8-b2f1551a3e6e }' I need the string to be: '{ "affiliation": "CORPORATE", "userId": "75c35d1c-5d12-4485-8fa8-b2f1551a3e6e" }' I'm using this regex to add quotes to the object keys: var newStr = str.replace(/(['"])?([a-z0-9A-Z_]+)(['"])?:/g, '"$2": '); For instance: '{ affiliation: CORPORATE }' to '{ "affiliation": CORPORATE }' There are only string values in my data, so I don't need to check value types. How can I alter my regex expression to add quotations to
            Read more