I have integrated Facebook with my application to post content. It was working until version 1.2 of the application, but now I am getting a security warning just after login as bellow.
The weird thing about this security warning is that it works for one of my Facebook accounts properly without any warning as previously, but I get this warning with my other account. I have attached a screen shot of the issue:
Disabling the secure browsing is not worth , as we cant make all the users to disable secure browsing.
I do have resolved.Check my answer here. Escape from Facebook security Warning
After a long time spend on Internet to search this issue. Finally I got the answer about it.
Login to Facebook account > Go to Privacy Setting > Click on Security tag on left side of Page > then Disable Secure browsing
Now Reset your simulator and and then Run application and again login it will work for sure
Short answer is that the problem can be solved if you use your own redirect_uri rather than the standard facebook one. When the access token is returned, the standard www.facebook.com/connect/login_success.html page has a timer which will change the URL possibly before your app can retrieve the access token.
This problem can occur related to internet latency. We had two customers report issues with this one in Myanmar and one in the UK. No issues for anyone else. Assuming you are authorizing like this:
https://www.facebook.com/v2.10/dialog/oauth?client_id=999999999999999&redirect_uri=https://www.facebook.com/connect/login_success.html&response_type=token&scope=user_photos,user_events&display=popup
For the default redirect_uri (https://www.facebook.com/connect/login_success.html), facebook returns the access_token in the parameters of the URL, but the html body for that page contains two timers:
Success <br/>
<b id="warning" style="display: none; color:red">
SECURITY WARNING: Please treat the URL above as you would your password and do not share it with anyone.
See the <a href="http://l.facebook.com/l.php?u=xxxxxxx" target="_blank" data-lynx-mode="hover">Facebook Help Center</a> for more information.
</b>
<script type="text/javascript">
document.domain = 'facebook.com';
if (window == top) {
setTimeout(function () { document.getElementById("warning").style.display = "block"; }, 2000);
}
setTimeout(function () { if (window.history.replaceState) { window.history.replaceState({}, "", "\/connect\/blank.html#_=_"); } }, 2000);
</script>
When either timer fires, it will change the URL which removes the access_token. So as long as you catch that before it changes, everything works. In our case, we were using an embedded browser control under Windows and monitoring the navigated links. As long as the code can receive a navigation event containing the access_token before this timeout occurs, then everything worked. We were never able to determine how latency of the internet connection and possibly some combination of a user's slow computer caused this problem, but this solved it.
In the Facebook Login settings for your facebook app, add your own URIs to the list of Valid OAuth redirect URIs. If you redirect to your own html page, then you can avoid the facebook timeout.
