tag:blogger.com,1999:blog-16002962.post790297825995033353..comments2023-10-13T01:00:52.135-07:00Comments on Web Jazz: Gotchas of internal iFrame facebook apps and external web apps using Facebooker gemWil Chttp://www.blogger.com/profile/03696320260631888445noreply@blogger.comBlogger21125tag:blogger.com,1999:blog-16002962.post-19877317129679464272009-04-24T19:02:00.000-07:002009-04-24T19:02:00.000-07:00Yuppers, thanks for the info. Check that that pat...Yuppers, thanks for the info. Check that that path to your layout is correct, is the only thing I can think of. Good luck~!Wil Chttps://www.blogger.com/profile/03696320260631888445noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-67848595917827893832009-04-24T18:56:00.000-07:002009-04-24T18:56:00.000-07:00This should be my last post...sorry to be annoying...This should be my last post...sorry to be annoying. I only post so not to confuse others. It's not facebook..... for some reason, my app is not rendering the application layout when calling app/controller/action/id.Stephennoreply@blogger.comtag:blogger.com,1999:blog-16002962.post-63922869483801548732009-04-24T18:25:00.000-07:002009-04-24T18:25:00.000-07:00Thanks for the reply. I did ye ole firefox web de...Thanks for the reply. I did ye ole firefox web developer plugin and viewed the source of the iframe. When I do app/controller/action/id, facebook is cutting out the head tag. Even if i put the css and the js for that matter in the body, facebook is still parsing it out. Not sure if this is FB policy, but it is weird none the less.Stephennoreply@blogger.comtag:blogger.com,1999:blog-16002962.post-23181955313294563892009-04-24T18:12:00.000-07:002009-04-24T18:12:00.000-07:00I should amend that this post is really old. I ha...I should amend that this post is really old. I haven't worked with the facebooker plugin in a while, so I don't know if it's still applicable. <br /><br />In general, no, I haven't had problems rendering the stylesheet. <br /><br />First, I'd tail either the rails log or the apache log to see whether requests are actually coming into the application. If they aren't, then I'd check the settings on fb for the app to make sure that the paths are correct. There's a lot of options to setup an fb app, so it's easy to get it wrong. <br /><br />If it is coming through, then I don't know.Wil Chttps://www.blogger.com/profile/03696320260631888445noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-51754368670880122322009-04-24T18:01:00.000-07:002009-04-24T18:01:00.000-07:00Did you have any problems with your stylesheet ren...Did you have any problems with your stylesheet rendering when you had urls such as site/controller/action/id?<br /><br />When my app starts it begins at apps.facebook.com/appname and then once in the app, no matter where i click the url in the browser never changes, although we know it's following the routes. <br /><br />When type in directly apps.facebooker.com/appname/controller/action/id the stylesheet does not render.<br /><br />Thoughts?Stephennoreply@blogger.comtag:blogger.com,1999:blog-16002962.post-81138931943465968782009-03-24T09:23:00.000-07:002009-03-24T09:23:00.000-07:00@AdamInteresting "cheat". Good thinking. I'll ha...@Adam<BR/>Interesting "cheat". Good thinking. I'll have to try that.<BR/><BR/>@BFW<BR/>#1: My <I>#from_facebook?</I> method is essentially the same thing as <I>#requset_comes_from_facebook?</I>. Either I missed that when I was working on this, or it wasn't working for me then; most likely the former. My <I>#from_facebook?</I> is a one-liner: <BR/><I>params[:fb_sig] || facebook_session ? true : false</I> .<BR/>The things we do out of frustration, like not reading the docs...<BR/><BR/><I>#request_comes_from_facebook?</I> calls <I>#request_is_fb_ping?</I>, which in turn checks <I>!params[:fb_sig].blank?</I>, which is safer than than what I'm doing. I call <I>#facebook_session</I> to ensure that the FB session is set up before I try to use it.<BR/><BR/>#2: I haven't touched this stuff since the end of last year, so I'm a bit rusty. As you probably know, Facebook only provides its authentication parameters to your site's iframe when the user first hits any page in the app. Once the user clicks on any of the links in that iframe, the session is lost due to the default 3rd party cookie restrictions on most browsers, so your Facebook session (including the Facebook ID of the user who's browsing your site) is gone.<BR/><BR/>AJAX requests will suffer from the same problems as #3 in the OP and the 3rd party cookies issue. Your AJAX requests on that page need some seesion info as well: they are separate requests themselves, just sans the full page load. The main page will appear to come in fine, but the AJAX requests won't look like they're coming from the same user (unless you're using Firefox, which had 3rd party cookie support turned on by default); it'll look like a completely new uesr. You'll need to use one of the 3rd party cookie fixes posted above.<BR/><BR/>Bonus: As far as I remember, profile box pages must be built from FBML that you have to publish to Facebook. I think it has very limited AJAX support (images only IIRC?).<BR/><BR/><BR/>Hope this helps. Good luck.The Dannerhttps://www.blogger.com/profile/07880113763497040743noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-44848532862032020522009-03-20T13:52:00.000-07:002009-03-20T13:52:00.000-07:00Err, sorry I was asking about the comment by Danne...Err, sorry I was asking about the comment by Danner Mangiarelli.shullhttps://www.blogger.com/profile/02176574916818299274noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-19241023764699774912009-03-20T13:43:00.000-07:002009-03-20T13:43:00.000-07:00OMG this is the most useful thing I've read all we...OMG this is the most useful thing I've read all week.<BR/><BR/>Two questions though:<BR/>what is the function you're calling "from_facebook" in the above comment? Is that the same as "request_comes_from_facebook? http://facebooker.rubyforge.org/classes/Facebooker/Rails/Publisher.src/M000137.html<BR/><BR/>Second question:<BR/>Can you please expand a little bit on #3? The way my manager and I have developed our app was to make it a single page and rely heavily on AJAX. This makes #3 incredibly important to us... :)<BR/><BR/>Bonus question:<BR/>Did I read somewhere that to support a box on a Profile, you must render FBML? Or can that box be an iframe?<BR/><BR/>You are the man for this post, by the way. I can't tell you how much a relief it is that I didn't have work out all this stuff on my own.<BR/><BR/>-Steveshullhttps://www.blogger.com/profile/02176574916818299274noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-19382379105666763682008-10-04T19:02:00.000-07:002008-10-04T19:02:00.000-07:00Thanks Danner.There's also a cheating way to get a...Thanks Danner.<BR/><BR/>There's also a cheating way to get around this: set the target of all of your links to "_top" so every click loads the outer frame. The URL for the links have to be relative to the facebook canvas root, of course. This is easy to do by overriding link_to, and it seems to work fine for me.Adamhttps://www.blogger.com/profile/18370313171850423726noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-22472343157326469152008-09-28T20:55:00.000-07:002008-09-28T20:55:00.000-07:00Your addition came in just before I posted this, b...Your addition came in just before I posted this, but I'll throw it in as well...<BR/><BR/>That's an apparently not-so-well-known problem of 3rd party cookie permissions. Fx3/Win,Linux seems to be the only major browser which allows them. IE/Win, Safari/Win don't allow them by default. I ran into that as well, and kept forgetting to mention it here. Horray for email notifications...<BR/><BR/>The "best" solution I found for this was sessionless cookies, which is pretty easy to do with Rails. I used the solution <A HREF="http://brantinteractive.com/2008/05/13/cookieless-sessions-in-rails/" REL="nofollow">here</A>. It explains the problems with that solution as well. I used a slightly modified version though, since I couldn't seem to get that <I>unless cookies[:_session_id]</I> on that page to work (don't mind blogger's limitation of no syntax highlighting here):<BR/><BR/>def default_url_options(options)<BR/> if from_facebook? && !request.format.fbml?<BR/> key = session.send(:session_key).to_sym<BR/> <BR/> cookies[key] ||= { :value => 'true', :expires => 10.seconds.from_now }<BR/> <BR/> return { key => (request.xhr? ? params[key] : session.session_id) } #unless cookies[key]<BR/> end<BR/>end<BR/><BR/>Basically, if we have something in session[:facebook_session], and the request isn't for fbml, e.g. inside the iframe, include the session key and value in the URL.<BR/><BR/>That's just one solution. We've had luck with it. Only use it if you're willing to make the trade-off for possible session hijacks.The Dannerhttps://www.blogger.com/profile/07880113763497040743noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-34523583410394874082008-09-28T20:54:00.000-07:002008-09-28T20:54:00.000-07:00Regarding my last post, apparently this is a known...Regarding my last post, apparently this is a known issue that only affects Safari, which was what I was using to test all day.<BR/><BR/>It's worth noting for the rest of you that your app may not work in Safari. This post helped me out: http://wcrawford.org/2007/08/29/revisited-facebook-safari-and-external-iframes-that-need-cookies/<BR/><BR/>This is the first time my mac is directly responsible for me LOSING productivity :)Adamhttps://www.blogger.com/profile/18370313171850423726noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-33406674802850846182008-09-28T19:58:00.000-07:002008-09-28T19:58:00.000-07:00This post was very helpful, but I'm having trouble...This post was very helpful, but I'm having trouble with #3. I finally figured out that the problem is that the rails session id is different on the first page load of my app vs. any subsequent page load. <BR/><BR/>It seems that for the first page load, the cookie is stored by facebook (I can tell because the session id is appended with my facebook id), and all subsequent page loads use a session cookie stored on my browser. That makes sense given that facebook stores cookies on behalf of the user on canvas pages, but I have no idea how to get around this. This article's suggestion was to store the fb_params in the session since they're only sent on the first page load, but how do I keep them around if the session changes after the first load?<BR/><BR/>I would think everyone would have this problem, or am I missing something? Thanks in advance for any suggestions.Adamhttps://www.blogger.com/profile/18370313171850423726noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-42551111425086277222008-08-10T22:45:00.000-07:002008-08-10T22:45:00.000-07:00I'll stop being lazy and log in this time... Than...I'll stop being lazy and log in this time... Thanks for clarifying. That's exactly what we're trying to do. As you say, it is convoluted. I guess my problem is that I'm not sure how to tell when the user leaves facebook and they are visiting the site directly, since it's the same domain and session, etc, and how to actually set up the filters to our existing login_required or facebooker's, via tip 1.<BR/><BR/>I'll play around more with that and the login_required filters to get it to work right.<BR/><BR/>Again, thanks for the responses.The Dannerhttps://www.blogger.com/profile/07880113763497040743noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-20523067156070480652008-08-07T10:07:00.000-07:002008-08-07T10:07:00.000-07:00It's actually a bit convoluted. I recommend that,...It's actually a bit convoluted. I recommend that, if you can help it, make a user install your fb app in order to view it inside of facebook. It's just a lot simpler.<BR/><BR/>But if you like the pain, this is part 3 of this post along with part 1. Mobtropolis knows where to redirect to, because it knows where the request is coming from 1) the external app from a browser, or 2) from inside an iframe from facebook. <BR/><BR/>You can tell because the first request from a user has fbparams in the parameters. You'll need to keep that state for the session, and any subsequent requests for that session. And when the user logs out, or jumps between fb app and external app, you'll have to figure out which conditions that require you to clear that state.<BR/><BR/>And then when you redirect, you can't use the normal redirection provided by the facebooker. You'll have to use technique from part one.Wil Chttps://www.blogger.com/profile/03696320260631888445noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-23040504578511221442008-08-06T18:35:00.000-07:002008-08-06T18:35:00.000-07:00I was using the awesome MIME-responder already whe...I was using the awesome MIME-responder already when we had the app as FBML, but we're trying to use an iframe now (same as the OP). Also as with the Mobtropolis, the site is accessible from within facebook and as a standalone app.<BR/><BR/>In Mobtropolis, clicking a "challenge" link takes the user to the install page in facebook, and the login page when viewing through www.mobtropolis.com. This is the behavior I'm having trouble with. I guess I'm not sure how or where to call :ensure_app_installed... for a given action, such that it won't redirect a user to the facebook install page when viewing the site directly. So far, the code from tip 1 works when coming from facebook, but it also runs outside of facebook.<BR/><BR/>Thanks.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16002962.post-83083865749864411792008-08-06T17:40:00.000-07:002008-08-06T17:40:00.000-07:00I don't know exactly what you mean, but take a loo...I don't know exactly what you mean, but take a look at:<BR/><BR/>http://webjazz.blogspot.com/2008/02/mime-responder-filter-for-rails.htmlWil Chttps://www.blogger.com/profile/03696320260631888445noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-17772984237477611072008-08-06T15:40:00.000-07:002008-08-06T15:40:00.000-07:00When the app is in the facebook iframe it knows to...When the app is in the facebook iframe it knows to send the user to the add app page. Yet it doesnt interfere with the main site, it send the user to register/login...<BR/><BR/>How did you do this?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16002962.post-22377099029338245462008-05-18T19:07:00.000-07:002008-05-18T19:07:00.000-07:00I don't know exactly how you coded it up, but I'm ...I don't know exactly how you coded it up, but I'm guessing maybe you need to put the before filters in your calls in your controllers. the ones called ensure_installed_by_facebooker or ensure_authenticated by_facebooker or something like that. <BR/><BR/>That way, the first redirect it'll see is through the facebooker filters, and won't ever hit any of the redirects in your controller methods.Wil Chttps://www.blogger.com/profile/03696320260631888445noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-43825583534636299112008-05-17T21:35:00.000-07:002008-05-17T21:35:00.000-07:00Thanks for the post. Regarding the 2 frame issue,...Thanks for the post. <BR/><BR/>Regarding the 2 frame issue, I had the following problem when using your code. I don't know if this is rails v2 specific:<BR/><BR/>"Render and/or redirect were called multiple times in this action. Please note that you may only call render OR redirect, and at most once per action. Also note that neither redirect nor render terminate execution of the action, so if you want to exit an action after redirecting, you need to do something like "redirect_to(...) and return"."<BR/><BR/>Also, the post and comments only say what time the post or comment was made, but not which day.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16002962.post-5099379434788920082008-04-08T14:39:00.000-07:002008-04-08T14:39:00.000-07:00No problem. Pay it forward, if you find out somet...No problem. Pay it forward, if you find out something that might save others some time.Wil Chttps://www.blogger.com/profile/03696320260631888445noreply@blogger.comtag:blogger.com,1999:blog-16002962.post-12582895572542906022008-04-07T00:00:00.000-07:002008-04-07T00:00:00.000-07:00Thank you! This post was exactly what I needed, sp...Thank you! This post was exactly what I needed, specifically regarding the double iframes issue.Anonymousnoreply@blogger.com