I have a Canvas application that allows the user to first see what it’s all about, and then asks for permissions only if he wishes to perform certain actions.
When the user enters the application it starts without requiring permissions. We provide a “Login” link which will make a request to
This causes the Facebook logo to appear with a link that says “Go To Facebook.com”. I understand that there are cross-frame problems that causes this, and can be fixed by simply putting target=_top onto the link (or playing around with Javascript). For now, I want to keep things simple so I don’t use this. I do notice that this is in a iframe_canvas which is good, so I click on that link and get to “Request for Permission” which takes over the screen (didn’t this use to be a popup?) and the iframe_canvas seems to have gone away, and I now have UIFullPage_Container.
I click Allow and Facebook redirects the browser to
This is bad because my “Canvas” application has broken out of the canvas and taken over the whole browser.
Is there something I’m doing wrong, or is this some type of Facebook bug? Do I simply redirect this back to http://apps.facebook.com/mycanvasapp, and if so is there some way to pass some parms?
Just redirect them to
https://apps.facebook.com/yourcanvasapp/whateveryouwant?here=isokay. The part afteryourcanvasapp/is sent to your server. You’ll get thesigned_requestas a post arg, and the other params and path in the query string.In other words, if your secure canvas URL is
https://myapp.com/fbapp/, and you send the user tohttps://apps.facebook.com/mycanvasapp/foo?bar=baz, Facebook will send a POST tohttps://myapp.com/fbapp/foo?bar=bazand signed_request in the POST-data.