Is there a way to deny direct access to the application server for a

Question

0

Asked: May 31, 20262026-05-31T04:06:56+00:00 2026-05-31T04:06:56+00:00

Is there a way to deny direct access to the application server for a

0

Is there a way to deny direct access to the application server for a facebook application?

Facebook loads the application via an iFrame src=http://app-domain/, but you can clearly view the page source and find out that domain and copy paste the URL into a browser and view the application directly.

There is this signed_request and oauth_token in the API, I was wondering how to use that or if I can use that to limit direct access to the application.

So if a user inputs in the browser your application’s URL he gets redirected to Facebook.

Thank you.

EDIT:
I found a way that also works with form submission.

// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);

This redirects the browser while accessing the application directly and not through facebook.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-31T04:06:57+00:00

Editorial Team

2026-05-31T04:06:57+00:00Added an answer on May 31, 2026 at 4:06 am

I found a way that also works with form submission. (Works for me, it might not work for you. Test it first.)

// Signed request
$signed_request = $facebook->getSignedRequest();
if(!$signed_request) header("Location: " . $settings['appBaseUrl']);

This redirects the browser while accessing the application directly and not through facebook.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

Is there a way to deny direct access to the application server for a

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply