
I've created a FB application, hosted on Heroku. The app is written in Ruby.

  1. The app used to load correctly inside facebook iframe.
  2. Now, if I open the app through app.facebook.com/app_namespace, an empty screen is shown. When I have enabled exception trace, it now shows as if the access_token for graph koala object is nil.
  3. If I open the Canvas URL, e.g. the "direct" URL, everything works fine, but I first have to call direct authorization on Facebook through "/auth/facebook".
  4. The iframe now shows koala "Unsupported get method", but through debugging it is evident that access_token obtained from graph is nil.
  5. Behavior is the same for generated test users as well as developer users.

Already tried:

  1. I've tried to debug the Canvas URL through online FB debugger, and Scraper seems to see correct HTML.
  2. Tried to reauthorize the app, to no avail.
emirc

1 Answer


By default Sinatra uses rack-protection to set the X-Frame-Options header. It looks like this is what is causing your problems.

You can disable it with this line in your application:

```ruby
set :protection, :except => :frame_options
```
matt
  • Matt, thanks. This could be problem with access_token. Now, the "standalone" version works well after I call "/auth/facebook" and then I can use it. For the iframe version this does not help. Also, I have enabled show_exceptions and the problem is that inside iFrame access_token is not valid? I'm confused. :) – emirc Aug 21 '13 at 14:58
  • Matt, I'll accept the answer, this did help. What's the syntax to :except multiple values, e.g. :frame_options and :http_origin? – emirc Aug 22 '13 at 13:23
  • @emirc use an array: `set :protection, :except => [:frame_options, :http_origin]` http://www.sinatrarb.com/intro.html#Configuring%20attack%20protection – matt Aug 22 '13 at 13:35
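
The effect of the header discussed in this answer, as an added example that is not part of the original thread: rack-protection's default `X-Frame-Options: SAMEORIGIN` blocks the Facebook canvas iframe, `:except => :frame_options` permits framing by any site, and a `Content-Security-Policy: frame-ancestors` list permits only named parents. `ScopedFraming`, `framing_allowed?` and the parent origin `https://apps.facebook.com` are assumptions for illustration, and the browser check is a simplified model.

```ruby
# Added example, not code from the thread. Plain Ruby, no gems needed.
FB_PARENT = 'https://apps.facebook.com' # assumed canvas parent origin

# Rack-style middleware (hypothetical name): drop the blanket X-Frame-Options
# header and send a frame-ancestors list naming the permitted parents instead.
class ScopedFraming
  def initialize(app, allowed_parents)
    @app = app
    @policy = "frame-ancestors #{allowed_parents.join(' ')}"
  end

  def call(env)
    status, headers, body = @app.call(env)
    headers = headers.reject { |k, _| k.downcase == 'x-frame-options' }
    csp = headers.find { |k, _| k.downcase == 'content-security-policy' }
    key = csp ? csp[0] : 'content-security-policy'
    headers[key] = [csp && csp[1], @policy].compact.join('; ')
    [status, headers, body]
  end
end

# Simplified model of a browser deciding whether a cross-origin parent may
# frame the response: frame-ancestors, when present, overrides X-Frame-Options.
# Only exact origin matches are handled (no wildcards or 'self').
def framing_allowed?(headers, parent_origin)
  h = headers.transform_keys(&:downcase)
  if (m = h['content-security-policy'].to_s.match(/frame-ancestors\s+([^;]+)/i))
    return m[1].split.include?(parent_origin)
  end
  !%w[DENY SAMEORIGIN].include?(h['x-frame-options'].to_s.upcase)
end

# Constructed sample apps standing in for the Sinatra application.
PAGE = ->(_env) { [200, { 'content-type' => 'text/html' }, ['canvas']] }
# rack-protection's default adds X-Frame-Options: SAMEORIGIN.
DEFAULT_APP = lambda do |env|
  status, headers, body = PAGE.call(env)
  [status, headers.merge('x-frame-options' => 'SAMEORIGIN'), body]
end
SCOPED_APP = ScopedFraming.new(DEFAULT_APP, [FB_PARENT])

{ 'default' => DEFAULT_APP, 'frame_options off' => PAGE, 'scoped' => SCOPED_APP }.each do |name, app|
  headers = app.call({})[1]
  [FB_PARENT, 'https://other.example'].each do |parent|
    puts "#{name}: #{parent} may frame? #{framing_allowed?(headers, parent)}"
  end
end
```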