Use a Frame-Busting Redirect To Authorize Facebook Applications

Note: This article was originally written on reich-consulting.net. Reich Web Consulting has narrowed its focus to the web and no longer offers tech support services, so we’ve moved all of our tech support content off-site. We hope you find this article useful. It is provided as-is, and we will no longer provide support on this topic.

Here’s a trick I picked up during development of my new Facebook application, My Wishlist. I picked this one up at Stack Overflow.

When you begin developing for Facebook, one of the first trick’s that you’ll learn is how to check for a Facebook session and how to redirect the user to the Facebook login page if they aren’t logged in or haven’t authorized your application. Usually that code looks something like this:

If you’re developing an Iframe-based Facebook application (soon to be the only option since FBML has been deprecated), you’ve got a real problem: The redirect will happen within your application’s IFrame, with the actual login page content hidden within the frame. You’ll recognize the problem because it will look a little something like this:

[caption id=”attachment_493" align=”aligncenter” width=”300"]

Image for post
Image for post

This is what happens when you redirect to the login page within a Canvas-based Facebook application.[/caption]

The solution to this problem is to use what I call a Frame-Busting Redirect using JavaScript:

\n";
printf("top.location.href= \"%s\";\n", $_SERVER['PHP_SELF']);
echo '';
}
Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store