Facebook Callback appends '#_=_' to Return URL

Question

Facebook callback has started appending #_=_ hash underscore to the Return URL

Does anyone know why? What is the solution?

Answer 1

via Facebook's Platform Updates:

Change in Session Redirect Behavior

This week, we started adding a fragment #____=____ to the redirect_uri when this field is left blank. Please ensure that your app can handle this behavior.

To prevent this, set the redirect_uri in your login url request like so: (using Facebook php-sdk)

$facebook->getLoginUrl(array('redirect_uri' => $_SERVER['SCRIPT_URI'],'scope' => 'user_about_me')); 

UPDATE

The above is exactly as the documentation says to fix this. However, Facebook's documented solution does not work. Please consider leaving a comment on the Facebook Platform Updates blog post and follow this bug to get a better answer. Until then, add the following to your head tag to resolve this issue:

<script type="text/javascript">     if (window.location.hash && window.location.hash == '#_=_') {         window.location.hash = '';     } </script> 

Or a more detailed alternative (thanks niftylettuce):

<script type="text/javascript">     if (window.location.hash && window.location.hash == '#_=_') {         if (window.history && history.pushState) {             window.history.pushState("", document.title, window.location.pathname);         } else {             // Prevent scrolling by storing the page's current scroll offset             var scroll = {                 top: document.body.scrollTop,                 left: document.body.scrollLeft             };             window.location.hash = '';             // Restore the scroll offset, should be flicker free             document.body.scrollTop = scroll.top;             document.body.scrollLeft = scroll.left;         }     } </script>