I am working on getting the Facebook “Authentication within a Canvas Page” working, as described here for PHP. I finally got the base64_decode stuff working but I do fail on redirecting the user to the URL described in Section 2a. I tried response.redirect(url) as well as response.setHeader('Location', url) and other options I found on SO, but none of these worked :/
If I visit the URL directly through the browser, everything seems to work as expected. If I redirect to a URL on the same domain, it works too. Maybe I am missing something basic? Are redirects to external domains possible? What is the correct way to get this done?
Thank you in advance!
UPDATE: I just figured out that redirecting to pages like http://heise.de or http://orf.at works, but not for http://www.google.com or http://www.facebook.com. I have no clue what is going on here :/
The latter ones are sending an X-Frame-Options HTTP response header, which tells the client whether the page wants to be displayed in (i)frames or not. Google sends the value SAMEORIGIN, which means only pages from the domain google.com are allowed to display other pages from google.com in (i)frames, and Facebook sends DENY, meaning the page is never allowed to be displayed in any kind of frame, no matter where.
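The following is an added example (not part of the question or the answer above) that applies the X-Frame-Options rules just described to constructed sample responses, so a canvas developer can tell in advance whether an in-iframe redirect to a given page can ever succeed. It runs offline under Node.js using only the built-in URL class; the sample headers and the framer origin apps.facebook.com are constructed, not captured.

```javascript
// Return the X-Frame-Options value (upper-cased) or null when the header is absent.
function getXFrameOptions(headers) {
  const entry = Object.entries(headers).find(
    ([name]) => name.toLowerCase() === "x-frame-options"
  );
  return entry ? String(entry[1]).trim().toUpperCase() : null;
}

// Decide whether `pageUrl`, served with `headers`, may be displayed inside a
// frame hosted at `framerUrl` (for example the Facebook canvas page).
function canFrame(pageUrl, headers, framerUrl) {
  const value = getXFrameOptions(headers);
  if (value === null) return true;        // no header: framing allowed anywhere
  if (value === "DENY") return false;     // never framed, by anyone
  if (value === "SAMEORIGIN") {           // framed only by its own origin
    return new URL(pageUrl).origin === new URL(framerUrl).origin;
  }
  return true; // browsers ignore unrecognized values, so framing proceeds
}

// Constructed sample responses mirroring the cases in the question.
const SAMPLE_RESPONSES = {
  "http://www.google.com/":   { "X-Frame-Options": "SAMEORIGIN" },
  "http://www.facebook.com/": { "X-Frame-Options": "DENY" },
  "http://heise.de/":         { "Content-Type": "text/html" },
};

// Report which sample pages a canvas iframe (constructed framer origin) could
// be redirected to; returns a map of page URL -> true/false.
function checkCanvasRedirects(framerUrl = "http://apps.facebook.com/myapp/") {
  const result = {};
  for (const [url, headers] of Object.entries(SAMPLE_RESPONSES)) {
    result[url] = canFrame(url, headers, framerUrl);
  }
  return result;
}

console.log(checkCanvasRedirects());
```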