Logout: Refused to display 'https://www.facebook.com/home.php' in a frame because it set 'X-Frame-Options' to 'DENY'.
Opened this issue ยท 21 comments
When I call Facebook.logout() I get this error
Refused to display 'https://www.facebook.com/home.php' in a frame because it set 'X-Frame-Options' to 'DENY'.
People say using a iframe is a solution, but have no idea how to do that since iframe's anuglarjs scope is different from original document.
Or there's any approach to solve the problem?
@red010182 Hey were you able to find a fix for this? I'm also facing the same issue :(
Yes, the solution is:
- Go to your facebook app console
- Go to
Settings->Basic. InSite URLtype your url, even if localhost. For example:http://localhost:3000 - Go to
Settings->Advanced. InValid OAuth redirect URIstype your url, even if localhost. For example:http://localhost:3000
Great. Thx
On Sat, Mar 7, 2015 at 9:55 AM tpy notifications@github.com wrote:
Yes, the solution is:
- Go to your facebook app console
- In Settings -> Basic -> Site URL
Type your url, even if localhost. For example: http://localhost:3000- In Settings -> Advanced -> Valid OAuth redirect URIs
Type your url, even if localhost. For example: http://localhost:3000Reply to this email directly or view it on GitHub
#92 (comment)
.
Facebook.logout() logs me out complitly from facebook.com page! is there a way to logout only from my App?
I Think facebook has a single logout approach. if we logged out from either from an application which is using fb login and user logged into it or logged out from facebook itself, it logs out from both the applications. Its mentioned by facebook why they follow this approach is to avoid confusion and also for security purpose
Another observation is that, FB.logout() was making browser redirect generate with this error when my app settings in developers.facebook.com is like below.
settins -> basic -> website URL -> http://domain.com - this was throwing this error
after that i tried with changing the above setting to http://www.domain.com - Then it started working :-)
any idea why this change may cause issue ?
@ac-lakshmikanth did you change to http://www.domain.com on both Settings?
Basic -> Site URL
Advanced -> Valid OAuth redirect URIs
@urbanvikingr Yes. I have configured http://www.domain.com in both basic and advanced settings. Also Basic -> App domains field is configured with just 'domain.com'.
Eventhough i have done all the configuration discussed above. I m getting same error while FB.logout(). Also sometimes im not receiving loggedin status, it returns null. Can anyone help?
Has anyone found a fix for this we have added our url to both Settings -> Basic and Settings -> Advanced. In Valid OAuth redirect URIs and are still seeing this error when we call Logout.
+1 @ishish
+1 @ishish
I got this to work by not setting any App Domains and having:
Site URL: https://localhost/
Valid OAuth redirect URIs: https://localhost/
With those settings, everything works as expected. The only problem with this is when I switch to production, I have no way to test localhost properly. It would be nice to allow multiple site URLs.
+1 @ishish
I have this issue and the domains are definitely added.
@red010182 Thanx man. Your solution worked for me. Added both the Url same and it logged out successfully. Cheers!!
Disregard, we swore this worked but a weekend later are back to the above solution. We are reaching out to facebook to ask them if this is intentional.
I'm lacking a better place to comment on this than here.
In the Valid OAuth redirect URIs, logon will accept domains configured with http:// when you actually use https:// but logout will not. So:
Valid OAuth redirect URIs: http://example.com
go to https://example.com, execute facebook.logon, get logged on, execute facebook.logoff, observe failure regarding iframe
Valid OAuth redirect URIs: https://example.com
go to https://example.com, execute facebook.logon, get logged on, execute facebook.logoff, observe logoff occurs correctly
This bit of nuance bit us since in both cases the logon method works.
FWIW for me FB.logout() did not me out of of facebook, just out of facebook's being connected to my app...
Yes, the solution is:
Go to your facebook app console
In Settings -> Basic -> App Domains -> Site URL
Type your url, even if localhost. For example: http://localhost:4300
Hi guys! Recently I was facing out the same problem regarding the Logout: Refused to display 'https://www.facebook.com/home.php' in a frame because it set 'X-Frame-Options' to 'DENY'.
I tried the steps that @abhisheksirigari and some others posted, but without success.
So, I share my solution (because I spent a lot of time trying and trying) :
- Settings -> Advanced
- "Native app or PC" ? (I'm not pretty sure how this is displayed in english versions) -> YES
- The secret key is integrated in your client?
If your backend are sending the secret key leave it as default (NO)
Otherwise, toggle it to YES
I found this solution in this facebook docs https://developers.facebook.com/docs/facebook-login/security/#surfacearea
I hope that it helps you as it worked for me!
if you are using facebook oauth inside Iframe you need to get it to the top window level, you can do this by adding target="_top" to facebook login anchor tag.
example:
<a target="_top" href="example.com/login/fb">Login via facebook</a>