Facebook PHP SDK 5 :: API 2.4 :: 跨站请求伪造验证失败。缺少必需的参数“状态”
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/31520593/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Facebook PHP SDK 5 :: API 2.4 :: Cross-site request forgery validation failed. Required param "state" missing
提问by éric Senterre
I did a very simple PHP script, just to try to login via Facebook and get an accessToken. But when I try the following code, I get an Exception from the SDK : ? Cross-site request forgery validation failed. Required param "state" missing. ?.
我做了一个非常简单的 PHP 脚本,只是为了尝试通过 Facebook 登录并获取一个 accessToken。但是当我尝试以下代码时,我从 SDK 收到一个异常:?跨站点请求伪造验证失败。缺少必需的参数“状态”。?.
Here is my code :
这是我的代码:
require_once __DIR__ . '/facebook-sdk-v5/autoload.php';
session_start();
$fb = new Facebook\Facebook([
'app_id' => '{my-own-app-id}',
'app_secret' => '{my-own-app-secret}'
]);
// Check to see if we already have an accessToken ?
if (isset($_SESSION['facebook_access_token'] )) {
$accessToken = $_SESSION['facebook_access_token'];
echo "Horray we have our accessToken:$accessToken<br />\n";
} else {
// We don't have the accessToken
// But are we in the process of getting it ?
if (isset($_REQUEST['code'])) {
$helper = $fb->getRedirectLoginHelper();
try {
$accessToken = $helper->getAccessToken();
} catch(Facebook\Exceptions\FacebookResponseException $e) {
// When Graph returns an error
echo 'Graph returned an error: ' . $e->getMessage();
exit;
} catch(Facebook\Exceptions\FacebookSDKException $e) {
// When validation fails or other local issues
echo 'Facebook SDK returned an error: ' . $e->getMessage();
exit;
}
if (isset($accessToken)) {
// Logged in!
$_SESSION['facebook_access_token'] = (string) $accessToken;
// Now you can redirect to another page and use the
// access token from $_SESSION['facebook_access_token']
echo "Finally logged in! Token:$accessToken";
}
} else {
// Well looks like we are a fresh dude, login to Facebook!
$helper = $fb->getRedirectLoginHelper();
$permissions = ['email', 'user_likes']; // optional
$loginUrl = $helper->getLoginUrl('http://mywebsite.com/myapp/index.php', $permissions);
echo '<a href="' . $loginUrl . '">Log in with Facebook!</a>';
}
}
exit;
回答by mdalda
I had to add this lines in some servers:
我不得不在一些服务器中添加这一行:
$helper = $fb->getRedirectLoginHelper();
if (isset($_GET['state'])) {
$helper->getPersistentDataHandler()->set('state', $_GET['state']);
}
I get this error randomly, depending of the server config.
我随机收到此错误,具体取决于服务器配置。
回答by che-azeh
If you're using a "www" version of your site to generate the login link and you get redirected to the non-www version, you'll run into issues with your session. So make sure you access the www version of your site and then define the callback url to the same www version. Also, you can define permanent redirects in your server configuration to make sure anyone accessing your site from the non-www version gets redirected to the www version or vice versa.
如果您使用网站的“www”版本来生成登录链接,并且您被重定向到非 www 版本,那么您的会话就会出现问题。因此,请确保您访问网站的 www 版本,然后将回调 url 定义为相同的 www 版本。此外,您可以在服务器配置中定义永久重定向,以确保从非 www 版本访问您的站点的任何人都被重定向到 www 版本,反之亦然。
回答by Ruhul Amin
session_start() at the beginning of both the scripts. I got solution from here: https://github.com/facebook/facebook-php-sdk-v4/issues/473
session_start() 在两个脚本的开头。我从这里得到了解决方案:https: //github.com/facebook/facebook-php-sdk-v4/issues/473
回答by ashutosh
I also ran into the same problem and after researching on stackoverflow putting line
我也遇到了同样的问题,在研究了 stackoverflow put line 之后
$_SESSION['FBRLH_state']=$_GET['state'];
above has solved my problem
以上解决了我的问题
$helper = $fb->getRedirectLoginHelper();
回答by Dan Baddeley
Setting [PersistentDataHandler] explicitly before you get your tokens will guarantee that the request will be a success. Below shows how to fetch $_GET['state'] & simply inject it into the "to be used [helper]" on Symfony 2.x | 3.x
在获取令牌之前明确设置 [PersistentDataHandler] 将保证请求将成功。下面展示了如何在 Symfony 2.x 上获取 $_GET['state'] 并简单地将其注入到“要使用的 [helper]”中 | 3.x
I had the exact same issue as the O.P. and this fixed my problem.
我遇到了与 OP 完全相同的问题,这解决了我的问题。
//create your new facebook sdk instance
$this->fb = new Facebook([
'app_id' => $facebookAppId,
'app_secret' =>$facebookAppSecret,
'default_graph_version' =>$facebookDefaultGraphVersion
]);
//retrieve the helper
$this->helper = $this->fb->getRedirectLoginHelper();
//below is the money shot
//setting this explicitly before you get your tokens will guarantee that the request will be a success. It Fetches $_GET['state'] & simply injects it into the "to be used [helper]"
$this->helper->getPersistentDataHandler()->set('state', $request->query->get('state'));
回答by Ricky Harerri
This is a common issue that many people facing in FB Api. this is only a SESSION problem. To solve this issue add some code like.
这是许多人在 FB Api 中面临的常见问题。这只是一个会话问题。要解决此问题,请添加一些代码,例如。
On callback script usually fb-callback.php add "session_start();" just before you include the facebook autoload file. and then "$_SESSION['FBRLH_state']=$_GET['state'];" after the "$helper = $fb->getRedirectLoginHelper();" line.
在回调脚本上通常 fb-callback.php 添加“session_start();” 就在您包含 facebook 自动加载文件之前。然后“$_SESSION['FBRLH_state']=$_GET['state'];” 在“$helper = $fb->getRedirectLoginHelper();”之后 线。
Example :
例子 :
<?php
session_start(); /*Add session start*/
include 'vendor/autoload.php';
include 'config.php'; /*Facebook Config*/
$helper = $fb->getRedirectLoginHelper();
$_SESSION['FBRLH_state']=$_GET['state']; /*Add This*/
try {
$accessToken = $helper->getAccessToken();
} ?>
回答by Jean.R
you receive this error if you origin hostname is different than the target hostname once authenticated.
如果您的原始主机名与经过身份验证的目标主机名不同,您会收到此错误。
$loginUrl = $helper->getLoginUrl('http://mywebsite.com/myapp/index.php', $permissions);
with this statement, if the visitor on your website used http://www.mywebsite.com/the cross-site error will be raised.
有了这个声明,如果您网站上的访问者使用http://www.mywebsite.com/将引发跨站点错误。
You must ensure that origin and target hostname are exactly the same, including the eventual www prefix.
您必须确保源和目标主机名完全相同,包括最终的 www 前缀。
Fixed version:
固定版本:
$loginUrl = $helper->getLoginUrl('http://'.$_SERVER['SERVER_NAME'].'/myapp/index.php', $permissions);
回答by Chao Chen
As I answered here : Facebook SDK returned an error: Cross-site request forgery validation failed. The "state" param from the URL and session do not match
正如我在这里回答的那样:Facebook SDK 返回错误:跨站点请求伪造验证失败。URL 和会话中的“状态”参数不匹配
you need to make sure your native PHP session feature is properly set.
您需要确保正确设置了您的本机 PHP 会话功能。
回答by Adam Tong
For me the problem is solved now just by starting the session by adding this:
对我来说,现在只需通过添加以下内容来启动会话即可解决问题:
session_start();
at the beginning of both files (the first file generating facebook url and the callback file: login.php and fb-callback.php (https://developers.facebook.com/docs/php/howto/example_facebook_login)).
在两个文件的开头(生成 facebook url 的第一个文件和回调文件:login.php 和 fb-callback.php ( https://developers.facebook.com/docs/php/howto/example_facebook_login))。
I also had to add this:
我还必须添加这个:
$config['app_id'] = 'myapp_id';
at the top of to prevent another non related error.
在顶部以防止另一个不相关的错误。
回答by éric Senterre
The real problem here was the encoding of my PHP file. I used UTF8, but it should have been UTF8 w/o BOM.
这里真正的问题是我的 PHP 文件的编码。我使用了 UTF8,但它应该是没有 BOM 的 UTF8。
The side effect of the wrong encoding was that my SESSION was not working properly, and then the SDK wasn't able to retrieve the necessary informations to work properly.
错误编码的副作用是我的 SESSION 无法正常工作,然后 SDK 无法检索必要的信息以正常工作。
A properly configured error reporting would have told that there was an issue straight way.
正确配置的错误报告会直接告诉您存在问题。
I think that we can fill this bug in the "noob" category. But still, I think it can be useful to other noobs like me.
我认为我们可以在“noob”类别中填补这个错误。但是,我仍然认为它对像我这样的其他菜鸟很有用。
