Osclass forums

Support forums => Plugins => Facebook Connect => Topic started by: Aficionado on October 21, 2013, 08:51:29 pm

Title: CSRF state token does not match one provided.
Post by: Aficionado on October 21, 2013, 08:51:29 pm

Not 100% sure that the Facebook Connect plugin is to blame, but those log errors started after I installed it.

[21-Oct-2013 02:38:50 America/Los_Angeles] CSRF state token does not match one provided.


I see several of those errors daily.

Title: Re: CSRF state token does not match one provided.
Post by: garciademarina on October 22, 2013, 03:06:54 pm
Hi,

It has been fixed; you can see the changes here:

https://github.com/osclass/plugin-facebook/commit/a78adec1b31ea73dfeec54354c49d87439c062cf

I'm going to upload the package to market.osclass.org

Thanks for reporting

Title: Re: CSRF state token does not match one provided.
Post by: serjuc11111 on April 02, 2015, 03:02:36 pm
The problem is that after authenticating a user using $facebook->getLoginUrl(), the subsequent $facebook->getUser() call would fail, returning 0.

The issue is with the PHP SDK, which relies on $_REQUEST from the server, which has changed in PHP 5.4.0 because of default php.ini settings having been changed.
Use:
protected function get_code() {
    // Read the callback parameters explicitly instead of relying on $_REQUEST.
    $server_info = array_merge($_GET, $_POST, $_COOKIE);
    if (isset($server_info['code'])) {
        if ($this->state !== null && isset($server_info['state']) && $this->state === $server_info['state']) {
            // State matches: clear it so the same value cannot be reused.
            $this->state = null;
            $this->clearPersistentData('state');
            return $server_info['code'];
        } else {
            return false;
        }
    }
    return false;
}
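
The state check discussed in this thread, as an added stand-alone example that is not code from any of the posts, the plugin or the Facebook SDK. The class OAuthStateGuard, its methods and the 'oauth_state' key are hypothetical names. It reads code and state only from the query-string array passed in (with array_merge($_GET, $_POST, $_COOKIE), a cookie named state or code overrides the query parameter, because later arrays win) and compares with hash_equals().

```php
<?php
// Added illustration. OAuthStateGuard is a hypothetical helper, not SDK API.
final class OAuthStateGuard
{
    private $store; // reference to session-like storage (e.g. $_SESSION)

    public function __construct(array &$store)
    {
        $this->store = &$store;
    }

    // Call before building the login URL: creates and remembers a random state.
    public function issue()
    {
        $state = bin2hex(random_bytes(16));
        $this->store['oauth_state'] = $state;
        return $state;
    }

    // Call on the redirect back: returns the code, or false if the state check fails.
    public function consume(array $query)
    {
        $expected = isset($this->store['oauth_state']) ? $this->store['oauth_state'] : null;
        $code     = isset($query['code'])  ? $query['code']  : null;
        $given    = isset($query['state']) ? $query['state'] : null;

        // Reject missing values and array-valued parameters such as state[]=x.
        if (!is_string($expected) || !is_string($code) || !is_string($given)) {
            return false;
        }
        // Constant-time comparison of the stored and the returned state.
        if (!hash_equals($expected, $given)) {
            error_log('CSRF state token does not match one provided.');
            return false;
        }
        unset($this->store['oauth_state']); // single use, as in the posted code
        return $code;
    }
}

// Constructed sample data: $session stands in for $_SESSION, the arrays for $_GET.
$session = array();
$guard   = new OAuthStateGuard($session);
$state   = $guard->issue();
var_dump($guard->consume(array('code' => 'abc', 'state' => 'not-the-state')));
var_dump($guard->consume(array('code' => 'abc', 'state' => $state)));
var_dump($guard->consume(array('code' => 'abc', 'state' => $state))); // replayed callback
```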