Is it safe to have facebook App ID embedded in the UI javascript code?

后端 未结 2 616
刺人心
刺人心 2021-02-19 06:54

Facebook\'s documentation says that we can initialise FB in our app by running the following code. The code is from the documentation but this also expects \'appId\'

2条回答
  •  野性不改
    2021-02-19 07:26

    The App ID is perfectly safe to publish (it will be visible in the login process anyway), the App Secret on the other hand is called "Secret" for a reason. With App ID and App Secret, you would already have an App Access Token (App-ID|App-Secret). With an App Access Token, you would be able to change some App settings: https://developers.facebook.com/docs/graph-api/reference/application#Updating

    To improve security, you should activate "Require App Secret" in the App settings and use appsecret_proof for server calls:

    • Settings: https://developers.facebook.com/apps/[app-id]/settings/advanced/
    • Securing API calls: https://developers.facebook.com/docs/graph-api/securing-requests
    • General information: https://developers.facebook.com/docs/facebook-login/security

提交回复
热议问题