-1

I am trying to use the Facebook JSSDK on a website to retrieve the pictures of the Facebook users when they log in to their account. I have used all the valid scopes required to get the user's images.The actual problem arises when I try to login from a different sub-domain. I get an error saying

JSSDK unknown host domain: The domain you are hosting the Facebook Javascript SDK is not in your app's Javascript SDK host domain list. Please specify your host domain in the App Dashboard login settings

Screenshot: JSSDK unknown host error

Here's the JS code I'm using to get the images for reference:

FB.api('/me?fields=albums.limit(5){name,count,cover_photo{picture},photos.limit(10){picture,images}}', function(response) {/*code*/});

I know it's telling me to add the new host domain to the list of allowed domains in Facebook App Dashboard and when I add that url there, it works fine. My actual problem is that the urls of my website are based on sub-domains and these sub-domains are variable, eg: abc.example.com, def.example.com, etc and its a long indefinite list of and its not possible for me to add all the existing subdomain variations manually in the dashboard as new subdomains are also being created. I am looking for a way by which I can use my Facebook functionality from any subdomain of my website or even a legit workaround of this restriction. Is there a way to add the new sub-domains through JS?

I even added the base url of my website(www.example.com) but that didn't worked. Then I tried adding a Wildcard url https://*.example.com in the host list but Facebook doesn't allow that.

ZeREF
  • 1
  • 2
  • The application object's `app_domains` field appears to be updatable now (has not always been the case), if app settings updates _via_ API are enabled in the advanced app settings. But you will always have to update it with _all_ domains, because updating it will overwrite the previous content - so if you need this for a huge amount of subdomains, you might at some point run into some request size limits or similar. – CBroe Aug 25 '23 at 12:41
  • @CBroe I think you are telling me to Enable this option "Allow API Access to app settings", I enabled it, now what next? What url should I keep in the App domains? – ZeREF Aug 25 '23 at 12:50
  • Next you would make the API request to update that field then. _"What url should I keep in the App domains?"_ - like I said, you will have to send _all_ of them, every time you make an update. The value you need to send for this field is a JSON-like array of host names. – CBroe Aug 25 '23 at 12:56
  • @CBroe it will be equivalent to adding all the urls in the dashboard, but I have too many subdomains and the new ones are also created when a new account is created. If you are trying to explain something different then go ahead... – ZeREF Aug 25 '23 at 13:08
  • The `app_domains` field doesn't appear to be relevant regarding JS login in the first place after all - that corresponds to the App Domains field in the dashboard under Settings -> Basic, but for the JS login to work, they need to be added unter Facebook Login -> Settings. I have not found a way to update the latter. – CBroe Aug 25 '23 at 13:13
  • An alternative would be to send users to your main domain first, perform login there, and then send them back to the subdomain. Any API calls that are not login / check of sign-in status related, should still work on the subdomain, without that having been explicitly added. – CBroe Aug 25 '23 at 13:15
  • Whether this could work from within an iframe, I have not tested. Perhaps you could embed a small iframe with its content loaded from your main domain, embed the SDK there, and trigger login from there. But it might be that the SDK has additional checks against that implemented, I don't know. – CBroe Aug 25 '23 at 13:16
  • @CBroe what if I use a manual login flow (without facebook jssdk)? Will I be able to avoid this error? – ZeREF Aug 29 '23 at 13:19
  • Yes; but the `redirect_uri` you use, still needs to be specified in your app settings, and AFAIK/ can see from the documentation, those can't be updated via API either. So you would still have to go "via" your main domain for that part then. The info, which subdomain you need to redirect back to after, can be put into the `state` parameter, the value of that will also be appended to your `redirect_uri` when Facebook sends the user back to your app. – CBroe Aug 29 '23 at 13:28

0 Answers0