In the Facebook documentation:
require('include/facebook/autoload.php'); //SDK directory
$fb = new Facebook\Facebook([
'app_id' => '***********',
'app_secret' => '***********************'
]);
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email', 'public_profile']; // optional
$loginUrl = $helper->getLoginUrl('http://www.meusite.com.br/login-callback.php', $permissions);
When I direct it to the URL $loginUrl, the return is: Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match
The redirect URL does not match one of the registered redirect URLs for the application. In these cases, the authorization server should display an error to the user informing them of the problem. The server must not redirect the user back to the application. This avoids what is known as an “open redirector attack.”
Also mentioned in our documentation, the ‘state’ parameter is used for both preventing cross-site request forgery attacks and to maintain user’s state before authentication request occurs:
- the redirect URL parameter is missing
- the redirect URL parameter was invalid, such as if it was a string that does not parse as a URL
- the redirect URL does not match one of the registered redirect URLs for the application
In these cases, the authorization server should display an error to the user informing them of the problem.
Passing URLs in plaintext or in any predictable way is unsafe. Ensure that the state parameter value is: Unique and opaque to ensure that it can be used for defense against CSRF and phishing attacks. If stored in a cookie, it should be signed to prevent forgery.
I had the same error.
The problem occurred because I did getLoginUrl(...) before getAccessToken().
So get rid of getLoginUrl(...) in the redirected URL and the code should work.
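The "state" guidance quoted above (unique, opaque, signed if kept in a cookie) can be seen in a small stand-alone PHP sketch; this is an added example, not code from the Facebook SDK or from the posts on this page. The function names, the key constant and the cookie format are hypothetical, and case 4 models the ordering problem from the answer in this sketch's own terms; that the SDK replaces its stored state the same way is an assumption.

```php
<?php
// Added example with hypothetical names; the key below is a constructed placeholder.
const STATE_KEY = 'replace-with-a-random-server-side-secret';

// Login page: create an unguessable state plus the signed value kept in a cookie.
function issueState(): array
{
    $state = bin2hex(random_bytes(16));              // unique and opaque
    $mac   = hash_hmac('sha256', $state, STATE_KEY); // signature so the cookie cannot be forged
    return ['state' => $state, 'cookie' => $state . '.' . $mac];
}

// Callback page: check the cookie signature, then compare it with the state from the URL.
function verifyState(?string $cookie, ?string $stateFromUrl): bool
{
    if ($cookie === null || $stateFromUrl === null || substr_count($cookie, '.') !== 1) {
        return false; // missing or malformed input is always rejected
    }
    [$stored, $mac] = explode('.', $cookie);
    $expected = hash_hmac('sha256', $stored, STATE_KEY);
    // hash_equals() compares in constant time.
    return hash_equals($expected, $mac) && hash_equals($stored, $stateFromUrl);
}

$login = issueState();
$cases = [];

// 1. Normal flow: the state issued on the login page comes back unchanged.
$cases['normal flow'] = verifyState($login['cookie'], $login['state']);

// 2. Callback carrying a state that was never issued to this browser.
$cases['unknown state in URL'] = verifyState($login['cookie'], bin2hex(random_bytes(16)));

// 3. Cookie whose state was swapped while keeping the old signature.
$tampered = 'other-state.' . explode('.', $login['cookie'])[1];
$cases['tampered cookie'] = verifyState($tampered, 'other-state');

// 4. Callback issues a fresh state before verifying, replacing the stored value,
//    so the state that arrives in the URL no longer matches it.
$overwritten = issueState()['cookie'];
$cases['state reissued before verify'] = verifyState($overwritten, $login['state']);

foreach ($cases as $name => $accepted) {
    echo $name, ': ', $accepted ? 'accepted' : 'rejected', PHP_EOL;
}
```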