开发者

Facebook "Like" button not "liking" content inside secured folder?

开发者 https://www.devze.com 2023-02-12 19:03 出处:网络
I am implement开发者_如何学编程ing the facebook \"Like\" button. works all fine with <fb:like

I am implement开发者_如何学编程ing the facebook "Like" button. works all fine with

    <fb:like 
href="http://www.thismydomain123.com/IlikeThisPage.php?id=123" 
layout="standard" 
show_faces="false" 
width="450" 
action="like" 
colorscheme="light" />  

But having sharable content placed in a secured folder, won't do (accessing the folder directly would prompt "The http://www.thismydomain123.com at mySecureFolder requires a username and password..."):

<fb:like 
href="http://www.parisgallery.com/mySecureFolder/IlikeThisPage.php?id=123" 
layout="standard" 
show_faces="false" 
width="450" 
action="like" 
colorscheme="light" />  

So, is there a way to authenticate or any other preferable solution for this?

thanks a lot,

Steilflug


In short, no there is not a solution that would both work and be secure. When a user clicks the 'like' button on a page, Facebook pings your page from its own servers in order to get images and text to display on your news feed (see Why does Facebook appear in my server logs?). The trick is to let Facebook pings in but block all other traffic that isn't authenticated.

Facebook pings using the user agent facebookexternalhit/1.0 (+http://www.facebook.com/externalhit_uatext.php). If you aren't too concerned about security you could allow access to your pages for any agent using that user agent string. It's important to note, however, that this is entirely insecure because any agent can change their user agent string on their own accord. Facebook also offers no guarantee that their user agent string won't change so this method could stop working at any moment.

Another option would be to simply allow anyone on a Facebook IP address access without authentication. This would work assuming Facebook is consistent about the IPs that it pings from, but again there is no guarantee on this front. This is also potentially insecure if you only want some Facebook features and/or employees to be able to see your content without validation or if Facebook releases their ownership of those IP blocks.

I suppose your real problem is that you're trying to have content that is at the same time both protected and sharable which is a sort of a paradox. The only true solution to this problem would be to allow anyone read access to your content.

0

精彩评论

暂无评论...
验证码 换一张
取 消