I’m using the facebook php library to authenticate users to my app, it’s working fine but for some reason facebook is appending the characters
#_=_ to the end of my return uri. I read that they did this if the
redirect_uri parameter wasn’t set but I do have it set, in fact I’m redirected to that URL successfully after I log in on facebook.
Here’s how I get the login url:
$fbLoginUrl = $fb->getLoginUrl(array( 'scope' => 'email,publish_stream,user_birthday,user_photos,friends_photos', 'redirect_uri' => 'http://myapp.net/auth' ));
Everything works fine it’s just a cosmetic thing I guess. Can anyone help me?
Thanks in advance!
On Facebook developer blog, it was told that, if you explicitly set the
redirect_uri param, you won’t get the
#_=_ appended to the callback uri. But this is not the case. You still get those characters even on setting
redirect_url field. But that won’t have any effect on your flow.
You can only get rid of this client-side.
You might think that you could solve this server-side by redirecting to a URL without the anchor:
- facebook redirects to
- Then we redirect to some new URL, without the anchor
#_=_ reappears by magic in the browser address bar – how?
See James Pearce’s answer at http://developers.facebook.com/bugs/318390728250352 :
“Some browsers will append the hash fragment from a URL to the end of a new URL to which they have been redirected (if that new URL does not itself have a hash fragment).”
and also this:
Firefox, Chrome, and Opera [and now IE10] will re-attach a URL
Fragment after a HTTP/3xx redirection has taken place, even though
that fragment was not present in the URL specified by the Location
header on the redirection response
So if you’re just doing server side redirects from your Facebook redirect page, you’re going to have to remove this client-side.
The other alternative is to redirect server-side to a URL that contains a different named anchor – but that doesn’t really solve the problem and not all browsers will do the same thing.