0

This one's got me stumped. I'm setting up a dev version version of my app and for some reason the iframe is not receiving the HTTP referrer header.

The app I'm working on relies on that header being sent. Can you think of any reason why the iframe wouldn't be receiving it?

The app (no referer): http://apps.facebook.com/colinlocaltms

A link to Canvas URL (has StackOverflow as the referer - expected since you're clicking the link): http://secret-lake-4762.herokuapp.com/

user229044
  • 232,980
  • 40
  • 330
  • 338
Colin
  • 2,814
  • 5
  • 27
  • 37
  • 1
    You should never rely on referer. It is optional and easy-to-forge header – zerkms Jul 25 '12 at 23:49
  • Yea I see that signed_request should be used instead. But regardless, what would be causing it to not come through? Surely this would affect other apps as well? – Colin Jul 25 '12 at 23:59
  • You never here it affecting other apps because you are not supposed to rely on it. You can turn it off in Firefox via the about:config url. Whatever you are trying to do, you're going about it wrong. – Brent Baisley Jul 26 '12 at 02:08
  • And, just for clarification: The referrer is _not_ send “by Facebook”, but by _your browser_. And since your page is embedded into an iframe on facebook.com, the referrer (if any) will always be just facebook.com/… – this is how the HTTP refer(r)er _works_ – you can’t expect to get the address of some other page that did _not_ link to your page directly, but to Facebook instead. – CBroe Jul 26 '12 at 11:26
  • What's odd is that it seems like Facebook is somehow preventing the header from being sent. I haven't done anything to stop it, and I've found other apps that *do* send the referer header as expected. – Colin Jul 26 '12 at 16:55

0 Answers0