Facebook deauthorization callback is not called

Anonymous (unverified), submitted on 2019-12-03 08:59:04

Question:

I have an FB app, when I enter as the deauthorization callback URL my development box address, the box is pinged with this request after app removal on FB:

    POST /facebook/deauthorize HTTP/1.1
    Host: bashman.org
    Accept: */*
    Content-Length: 261
    Content-Type: application/x-www-form-urlencoded
    Connection: close

    fb_sig_uninstall=1&fb_sig_locale=de_DE&fb_sig_in_new_facebook=1&fb_sig_time=1322732591.2685&fb_sig_added=0&fb_sig_user=1476224117&fb_sig_country=de&fb_sig_api_key=e39a74891fd234bb2575bab75e8f&fb_sig_app_id=32352348363&fb_sig=f6bbb27324aedf337e5f0059c4971

(The keys are fake here)

BUT! when I enter my production box URL in the deauthorization callback URL, the POST request is never made. Tested it with tcpdump. No request on my production machine, why?

I checked with mtr the route from my production box to the IP address the request came from, all is OK, 0% packet loss.

The hostname, port and path are correct, tested it 1k times, no firewall, IDS, or other systems blocking my ethernet slot.

  1. Why is the Post callback not called? (How can I fix it?)

  2. How can I debug this to determine what the issue is?

Answer 1:

You can try using the Facebook URL Debugger and see if Facebook's servers are able to reach your callback URL...
Viewing the information Facebook IS able to retrieve might help you debug this issue.



Answer 2:

I had the same issue with NGINX and after hours of debugging I found this solution in NGINX documentation:

Some browsers may complain about a certificate signed by a well-known certificate authority, while other browsers may accept the certificate without issues. This occurs because the issuing authority has signed the server certificate using an intermediate certificate that is not present in the certificate base of well-known trusted certificate authorities which is distributed with a particular browser. In this case the authority provides a bundle of chained certificates which should be concatenated to the signed server certificate. The server certificate must appear before the chained certificates in the combined file:

$ cat www.example.com.crt bundle.crt > www.example.com.chained.crt 

The resulting file should be used in the ssl_certificate directive:

    server {
        listen              443 ssl;
        server_name         www.example.com;
        ssl_certificate     www.example.com.chained.crt;
        ssl_certificate_key www.example.com.key;
        ...
    }

In short, you just need to concatenate the certificate and the bundle and use the result as your ssl_certificate.

I am receiving the post requests from Facebook now.
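The failure mode behind Answer 2, as an added example that is not part of the original answer or the NGINX documentation: the script builds a constructed root, intermediate and server certificate with the openssl CLI and shows that a client trusting only the root rejects the bare server certificate but accepts the chained file. The CA names and the helper functions make_chain and client_accepts are assumptions made for this demo; the file names follow the quoted documentation.

```shell
#!/bin/sh
# Constructed demo PKI: root -> intermediate -> leaf, all generated locally.
# File names follow the quoted NGINX text; CA names are made up for the demo.

make_chain() {  # $1 = empty work directory
  # Self-signed root: the only certificate the client will trust.
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Root CA" \
    -keyout "$1/root.key" -out "$1/root.crt" 2>/dev/null || return 1
  # Intermediate CA signed by the root; this plays the role of bundle.crt.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$1/ca.ext"
  openssl req -newkey rsa:2048 -nodes -subj "/CN=Demo Intermediate CA" \
    -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.crt" -CAkey "$1/root.key" \
    -CAcreateserial -days 2 -extfile "$1/ca.ext" -out "$1/bundle.crt" 2>/dev/null || return 1
  # Server certificate signed by the intermediate, not by the root.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.com" \
    -keyout "$1/www.example.com.key" -out "$1/leaf.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/leaf.csr" -CA "$1/bundle.crt" -CAkey "$1/int.key" \
    -CAcreateserial -days 2 -out "$1/www.example.com.crt" 2>/dev/null || return 1
  # Server certificate first, then the chain, as the documentation requires.
  cat "$1/www.example.com.crt" "$1/bundle.crt" > "$1/www.example.com.chained.crt"
}

# Emulates a strict client: trusts only the root and may use only the
# certificates the server sends ($2 = file configured as ssl_certificate).
client_accepts() {  # $1 = work directory, $2 = served certificate file
  openssl verify -CAfile "$1/root.crt" -untrusted "$2" "$2" >/dev/null 2>&1
}

work=$(mktemp -d)
make_chain "$work" || echo "openssl failed to build the demo chain"
for served in www.example.com.crt www.example.com.chained.crt; do
  if client_accepts "$work" "$work/$served"; then
    echo "$served: chain verifies"
  else
    echo "$served: unable to build a chain to the root"
  fi
done
rm -rf "$work"
```

Against a live server, `openssl s_client -connect host:443 -showcerts` lists the certificates that are actually sent, which shows whether the intermediate is missing.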


