Facebook JS SDK 未在 Safari 中设置 fbs_* Cookie
我读过一些关于如何解决这个问题的文章,总结一下:
- 在对应用程序的第一个 POST 请求期间手动创建 fbs_* cookie
- 添加“启动应用程序”链接,当用户单击它时 Safari 允许您设置 cookie (http://lightyearsoftware.com/2009/11/on-the-pain-of-developmenting-for-facebook/)
- 创建并提交表单客户端(http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/)
这些似乎都不起作用,我质疑该信息是否仍然有效(我在Safari 5.0.5)。我需要使用 fbs cookie 在服务器端正确验证用户身份,这适用于所有其他浏览器。我无法在初始 POST 请求上设置任何 cookie,并且客户端表单提交也不起作用。 Safari 是否不再允许您在 POST 上设置第三方 cookie?
I've read a few posts about how to fix this, to sum it up:
- Manually create the fbs_* cookie during the first POST request to your app
- Add a "Start App" link, when the user clicks it Safari lets you set cookies (http://lightyearsoftware.com/2009/11/on-the-pain-of-developing-for-facebook/)
- Create and submit a form client side (http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/)
None of that seems to work, I'm questioning whether or not that information is still valid (I'm on Safari 5.0.5). I need to use the fbs cookie to properly authenticate the user on the server side, and this works on every other browser. I can't set any cookies on the initial POST request, and the client-side form submit doesn't work either. Does Safari not let you set third party cookies even on a POST anymore?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
![扫码二维码加入Web技术交流群](/public/img/jiaqun_03.jpg)
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
Cookie 被拒绝的原因是 Safari 中默认的“第三方 Cookie”政策。
为了正确验证用户身份,您最好避免手动使用 Facebook JS(或任何其他)SDK 放置的 fbs_* cookie,并使用 FB.getSession / FB.getAuthResponse和/或来自 JS SDK 的 FB.getLoginStatus。在服务器端,您可以使用传递给所有 Canvas 和页面配置文件选项卡应用程序的 signed_request 参数。
The reason cookies are rejected is a default "third party cookies" policy in Safari.
To properly authenticate the user you better stay away from manual usage of fbs_* cookies placed by Facebook's JS (or any other) SDK and use FB.getSession / FB.getAuthResponse and/or FB.getLoginStatus from JS SDK. On the server side you can use signed_request parameter passed to all Canvas and Page Profile Tab applications.