I'm building a Facebook app and I have noticed that when attempting to get the login status of the user using their Javascript API, I sometimes get the error:
"Refused to display document because display forbidden by X-Frame-Options."
I've been able to reproduce this every time I hit the "check login status" page of the app only while using Facebook as a page, rather than my user account. This is easy enough to avoid now that I know this causes the problem, but obviously my users may not know this.
Is there a way to determine whether or not the user is using Facebook as a Page or not? Since that seems to pretty much ruin my entire app.
I had this problem too, fixed it with: The app was redirecting the user to a login screen from Facebook (auth dialog box), while the user was already logged in. So I changed the code to redirect either to the success page if logged in, or to the dialog box if not logged in.
This is a problem when facebook redirects to your app from a web browser and then you redirect to the facebook authorization sign in. You have to make sure that the form replaces the page and does not load into the facebook canvas as it does not like it.
So you have to do a clean redirect like so -this is node example
res.send("<script> top.location.href='"+ "https://www.facebook.com/dialog/oauth?
client_id=*********&redirect_uri=http://apps.facebook.com/myapp" + "'</script>");
Look at this facebook dev page and its in step 3
https://developers.facebook.com/docs/howtos/login/server-side-login/
Does not seem to be a problem with mobile apps just desktop
Does this javascript work?
document.write(isFacebookPage()?"YES, I'm in a Facebook Page!":"No, not a Facebook Page");
function isFacebookPage(){
return (document.location.href.indexOf('/pages/')>0);
}
来源:https://stackoverflow.com/questions/9491540/refused-to-display-document-because-display-forbidden-by-x-frame-options