Can't get Facebook Strict Mode to work
I’ve got the following message in my Facebook Dev console:
According to the information here https://developers.facebook.com/docs/facebook-login/security/#strict_mode strict mode is based on the exact redirect URL match. Unfortunately, I don’t think social-app-django uses this approach by default, because I can see several dynamic parameters in redirect URLs when I’m signing in with FacebookOAuth2 backend. Is anybody else experiencing the same problem?
Issue Analytics
- State:
- Created 6 years ago
- Comments:18
Top GitHub Comments
Facebook wrote in the documentation
In class FacebookOAuth2(BaseOAuth2) (version 1.5) we have unset REDIRECT_STATE attribute, which is overridden as True, which causes the redirect_state parameter in the Facebook complete URL.
1.7 is updated and now the parameter is set by default:
REDIRECT_STATE = False
Actually it’s required to have a feature to rename this attribute in settings like:
SOCIAL_AUTH_FACEBOOK_REDIRECT_STATE_FIELD = 'state'
In my case the allowed URL was
https://<domain>/complete/facebook/
without additional parameters.
Overall, you can implement a custom FacebookOAuth2 with only REDIRECT_STATE = False as @merutak mentioned (for old versions).
Or update to the latest version. Other possible errors: missing web server https config + django configuration; in this case a redirect URL will be composed with http, which will not pass a check.
nginx
# header name must correspond to HTTP_X_FORWARDED_PROTO in the Django setting below
proxy_set_header X-Forwarded-Proto $scheme;
django settings
SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
Here is how I set up Facebook auth in my settings file:
Valid OAuth redirect uri in Facebook dev console app settings:
The URL in Facebook dev console must match the redirect_uri parameter of the https://www.facebook.com/v2.11/dialog/oauth... URL.
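An added example (not from the issue thread or from social-app-django): a small checker that explains why a generated redirect_uri would fail an exact-match allowlist, covering the two causes raised in the comments above, the extra redirect_state parameter and an http scheme behind a proxy. It assumes strict mode is a plain exact string comparison; the function name, the example.test domain and the sample URIs are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed allowlist, standing in for "Valid OAuth redirect URIs".
ALLOWED = ["https://example.test/complete/facebook/"]


def diagnose_redirect_uri(sent, allowed):
    """Explain why `sent` fails an exact match against `allowed`.

    Returns an empty list when the URI equals an allowlisted entry.
    """
    if sent in allowed:
        return []
    s = urlsplit(sent)
    reasons = []
    for entry in allowed:
        a = urlsplit(entry)
        if (s.netloc, s.path) != (a.netloc, a.path):
            continue  # different host or path: not a near miss for this entry
        if s.scheme != a.scheme:
            # Typical when Django sits behind a TLS-terminating proxy and
            # SECURE_PROXY_SSL_HEADER does not match the forwarded header.
            reasons.append(
                f"scheme is {s.scheme!r}, allowlisted entry uses {a.scheme!r}")
        allowed_keys = {k for k, _ in parse_qsl(a.query, keep_blank_values=True)}
        extra = [k for k, _ in parse_qsl(s.query, keep_blank_values=True)
                 if k not in allowed_keys]
        if extra:
            # e.g. redirect_state appended when REDIRECT_STATE is True
            reasons.append("extra query parameters: " + ", ".join(extra))
        if not reasons:
            reasons.append(f"differs from {entry!r} in query values or fragment")
    return reasons or ["no allowlisted entry shares this host and path"]


if __name__ == "__main__":
    samples = [  # constructed redirect_uri values
        "https://example.test/complete/facebook/",
        "https://example.test/complete/facebook/?redirect_state=abc123",
        "http://example.test/complete/facebook/",
    ]
    for uri in samples:
        print(uri, "->", diagnose_redirect_uri(uri, ALLOWED) or "exact match")
```

Feed it the redirect_uri value taken from the dialog/oauth URL your deployment actually generates and the entries from the Facebook dev console.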