• acss21acss

    (@acss21acss)


    I encountered a Facebook login error:

    Facebook SDK returned an error: Cross-site request forgery validation failed. Required param “state” missing from persistent data.

    After some searching, I found that the following solution on StackOverflow solved my problem:

    if (isset($_GET['state'])) {
        $helper->getPersistentDataHandler()->set('state', $_GET['state']);
    }
    

    I found I can replace the code that is used in the plugin to set FBRLH_state (lines 417-419 of super_socializer.php) with this snippet, and it works for me.

    BUT both of these solutions will break CSRF protection, as others commented. AND there is a way to keep CSRF protection by implementing PersistentDataInterface. Here is a solution provided by another answer, but it is for Laravel. Hope you can implement this in your plugin to improve security.

    Thanks,
    Yuji

    • This topic was modified 7 years ago by acss21acss.
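One way to keep the state check intact in a WordPress plugin, shown as an added example that is not part of the original post and not the plugin's own code: a PersistentDataInterface implementation that stores the SDK's state in a transient keyed by a random per-browser cookie, instead of copying `$_GET['state']` into the handler. The class name, cookie name and lifetime are hypothetical; it assumes Facebook PHP SDK v5 running inside WordPress on PHP 7.3 or later.

```php
<?php
// Added example. Assumes Facebook PHP SDK v5 is loaded and WordPress is bootstrapped.
use Facebook\PersistentData\PersistentDataInterface;

class Example_WP_Persistent_Data_Handler implements PersistentDataInterface
{
    const COOKIE = 'example_fb_login_sid'; // hypothetical cookie name
    const TTL    = 600;                    // seconds a login attempt stays valid
    private $sid;

    public function __construct()
    {
        $sid = isset($_COOKIE[self::COOKIE]) ? $_COOKIE[self::COOKIE] : '';
        if (!is_string($sid) || !preg_match('/\A[a-f0-9]{32}\z/', $sid)) {
            // New browser: issue an unguessable id. Must run before any output is sent.
            $sid = bin2hex(random_bytes(16));
            setcookie(self::COOKIE, $sid, [
                'expires'  => time() + self::TTL,
                'path'     => COOKIEPATH,
                'domain'   => COOKIE_DOMAIN,
                'secure'   => is_ssl(),
                'httponly' => true,
                'samesite' => 'Lax', // still sent on the top-level redirect back from Facebook
            ]);
        }
        $this->sid = $sid;
    }

    public function get($key)
    {
        // The SDK compares this stored value with the "state" query parameter.
        $value = get_transient($this->name($key));
        return $value === false ? null : $value;
    }

    public function set($key, $value)
    {
        set_transient($this->name($key), $value, self::TTL);
    }

    private function name($key)
    {
        // Hash the id and key together so the transient name stays short and opaque.
        return 'example_fb_' . hash('sha256', $this->sid . '|' . $key);
    }
}

$fb = new Facebook\Facebook([
    'app_id' => 'YOUR_APP_ID', 'app_secret' => 'YOUR_APP_SECRET', // placeholders
    'persistent_data_handler' => new Example_WP_Persistent_Data_Handler(),
]);
$helper = $fb->getRedirectLoginHelper(); // state is stored and verified server-side
```

Because the stored state comes only from the server-side transient tied to the visitor's cookie, a callback carrying a `state` value the browser never received fails validation rather than being accepted.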

The topic ‘Facebook login error and CSRF protection’ is closed to new replies.