[英]How can I stop the momentary redirect with the #_=_ on the url when using Facebook Oauth?
I'm using Passport and Angular to log in to a site via Facebook. 我正在使用Passport和Angular通过Facebook登录到站点。 Code looks like:
代码如下:
facebookStrategy: function() {
if (!process.env.FACEBOOK_APP_ID) {
throw new Error("A Facebook App ID is required if you want to enable login via Facebook.");
}
if (!process.env.FACEBOOK_APP_SECRET) {
throw new Error("A Facebook App Secret is required if you want to enable login via Facebook.");
}
return new FacebookStrategy({
clientID: process.env.FACEBOOK_APP_ID,
clientSecret: process.env.FACEBOOK_APP_SECRET,
callbackURL: process.env.FACEBOOK_CALLBACK_URL || ("http://localhost:" + process.env.PORT + "/auth/facebook/callback")
}, function(accessToken, refreshToken, profile, done) {
var user;
user = module.exports.findOrCreateOauthUser(profile.provider, profile.id);
done(null, user);
});
}
( http://localhost
? crap, need to fix that, this is some sample code that I'm adapting) (
http://localhost
?废话,需要解决这个问题,这是我正在适应的一些示例代码)
OK so the solution to this is (jade): 确定,所以解决方案是(玉):
script(type="text/javascript").
if (window.location.href.indexOf('#_=_') > 0) {
window.location = window.location.href.replace(/#.*/, '');
}
That seems fine, but it's an unnecessary redirect. 看起来不错,但这是不必要的重定向。 So the perfectionist in me would like to get rid of it.
因此,我中的完美主义者想摆脱它。 The docs seem to say that
redirect_uri
is needed here, but I have callbackURL
and Passport Facebook lib seems to think they're the same . 文档似乎说这里需要
redirect_uri
,但是我有callbackURL
和Passport Facebook lib 似乎认为它们是相同的 。 Still getting the redirection to the meaningless URL even when using callbackURL
. 即使使用
callbackURL
仍然可以重定向到无意义的URL。
Specifically I want to know if it's possible to fix this via Passport instead of page-side javascript that fixes the url. 具体来说,我想知道是否可以通过Passport来解决此问题,而不是通过用于修复网址的网页端JavaScript来解决此问题。 The latter seems hacky.
后者似乎很hack。
This is a bug on Facebook's side, not Passport's. 这是Facebook方面的错误,而不是Passport的错误。 You can't change the hash server-side, so adding this snippet at the top of your JS will do the trick (no need for a redirect):
您无法在服务器端更改哈希,因此在JS顶部添加此代码段即可达到目的(无需重定向):
if (window.location.hash === '_=_') {
window.location.hash = '';
}
Per the author of Passport-Facebook : 根据Passport-Facebook的作者:
Facebook's OAuth 2.0 implementation has a bug in which the fragment #_=_ is appended to the callback URL.
Facebook的OAuth 2.0实现存在一个错误,其中片段#_ = _附加到了回调URL。 This appears to affect Firefox and Chrome, but not Safari.
这似乎会影响Firefox和Chrome,但不会影响Safari。 This fragment can be removed via client-side JavaScript, and @niftylettuce provides a suggested workaround [there is a link].
可以通过客户端JavaScript删除此片段,而@niftylettuce提供了建议的解决方法[有链接]。 Developers are encouraged to direct their complaints to Facebook in an effort to get them to implement a proper fix for this issue.
鼓励开发人员将其投诉转到Facebook,以使他们为该问题实施适当的修复。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.