Sunday, March 6, 2022

[FIXED] Facebook Login integration using PHP SDK 4.0 - HTTP_REFERER missing on redirect

Issue

I was trying to integrate Facebook Login using PHP SDK 4.0. Everything is going good except HTTP_REFERER is missing in the page redirected by Facebook after successfull login (User authorizes the app and grants requested permission.)

Login page:

<?php
...
$loginHelper = new FacebookRedirectLoginHelper('localhost/login/facebook/verify.php');
$loginURL = $loginHelper->getLoginUrl();
header("Location: $loginURL");
...
?>

verify.php page:

<?php
if (isset($_SERVER['HTTP_REFERER'])) {
    if (strpos($_SERVER['HTTP_REFERER'], 'facebook.com') !== false) {
        // Redirected from Facebook
       ...
    }
}
?>

The php.net documentation states :

The address of the page (if any) which referred the user agent to the current page. This is set by the user agent. Not all user agents will set this, and some provide the ability to modify HTTP_REFERER as a feature. In short, it cannot really be trusted.

So, is it really Facebook not setting this particular header or I'm doing it wrong somewhere?


Solution

It is your web browser that should set the HTTP_REFERER header not Facebook itself. When your site is being linked or redirected from a HTTPS site, the browser will not set a referrer.



Answered By - WizKid
at

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.