Unknown algorithm. Expected HMAC-SHA256 spam in logs

Developer https://www.devze.com 2023-04-01 07:19 Source: Internet
I'm using facebook php sdk 3.1.1 and the current version of the facebook JS sdk. Our users are not reporting errors, but I'm seeing a ton of error log messages like this:

Unknown algorithm. Expected HMAC-SHA256

I see from the source that the error is triggered when reading a signed request with the wrong encoding algorithm, but I'm not sure why that would be, as all signed requests should be generated by the facebook JS code.

Anyone seen this behavior? Any idea how bad a thing this is, or whether it's really indicative of errors? I have been unable to replicate it on demand.


Try logging some of the signed_request parameters to inspect them manually. For instance, you could change the log line in Base_Facebook::parseSignedRequest to this:

  self::errorLog('Unknown algorithm. Expected HMAC-SHA256, request='.$signed_request);

Once you have a few of these logged, decode them manually or paste them at the end of this URL:

https://developers.facebook.com/tools/echo?signed_request=

Check what algorithm is specified in the payload or whether the data is malformed in some way. If you share the results here, make sure to omit private data like the access token value.

You might also want to check your web server access logs. For starters, look for GET requests with a signed_request query parameter that occurred around the same time as those entries in your error logs.
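One way to do the manual decoding described in this answer offline, as an added example (not part of the original answer or of the Facebook SDK): it splits a logged value into signature and payload, reports the declared algorithm, checks the HMAC-SHA256 signature, and redacts `oauth_token` before anything is printed. The function names, the app secret and the sample values are constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example: triage logged signed_request values without leaking tokens.
// Format: base64url(signature) . '.' . base64url(JSON payload).

function b64url_encode(string $bin): string
{
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

function b64url_decode(string $s)
{
    $s = strtr($s, '-_', '+/');
    $s .= str_repeat('=', (4 - strlen($s) % 4) % 4); // restore stripped padding
    return base64_decode($s, true);                  // strict: false on bad input
}

function triage_signed_request(string $raw, string $appSecret): array
{
    $parts = explode('.', $raw);
    if (count($parts) !== 2) {
        return ['status' => 'malformed', 'reason' => 'expected exactly one "."'];
    }
    [$encSig, $encPayload] = $parts;
    $sig  = b64url_decode($encSig);
    $json = b64url_decode($encPayload);
    $data = is_string($json) ? json_decode($json, true) : null;
    if ($sig === false || !is_array($data)) {
        return ['status' => 'malformed', 'reason' => 'bad base64url or JSON'];
    }
    if (isset($data['oauth_token'])) {
        $data['oauth_token'] = '[redacted]'; // never write the token to a log
    }
    $alg = is_string($data['algorithm'] ?? null) ? strtoupper($data['algorithm']) : '';
    if ($alg !== 'HMAC-SHA256') {
        return ['status' => 'unknown_algorithm', 'algorithm' => $alg, 'payload' => $data];
    }
    // The signature covers the still-encoded payload; compare in constant time.
    $expected = hash_hmac('sha256', $encPayload, $appSecret, true);
    $status = hash_equals($expected, $sig) ? 'valid' : 'bad_signature';
    return ['status' => $status, 'payload' => $data];
}

// Constructed samples: one valid request, one with a foreign algorithm, one junk value.
$secret  = 'example-app-secret';
$payload = b64url_encode(json_encode(['algorithm' => 'HMAC-SHA256', 'user_id' => '1', 'oauth_token' => 'tok']));
$samples = [
    b64url_encode(hash_hmac('sha256', $payload, $secret, true)) . '.' . $payload,
    'AAAA.' . b64url_encode(json_encode(['algorithm' => 'none'])),
    'not-a-signed-request',
];
foreach ($samples as $s) {
    echo json_encode(triage_signed_request($s, $secret)), "\n";
}
```

A run of `unknown_algorithm` or `malformed` results that lines up with one referer or user agent in the access log points at a third-party source of the parameter rather than at the JS SDK.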


Perhaps use the v3.1.1 of the SDK? https://github.com/facebook/php-sdk


Probably you're doing a GET/POST request to the same page where you're creating the Facebook object. So there isn't any signed_request parameter for your request and the Facebook class is returning this error for you :)

Maybe Google or other search engines are making requests to your site using their crawlers? That's a possibility too.

I hope this answer will be helpful for you.


I looked through my logs and found what I believe to be the problem. I found that there isn't an exact correlation regarding the timestamp, but there is a close enough correlation between this log entry in the syslog and a logged request which uses a bing referer.

The bing referer has a handful of telltale signs of being related:

1) Url: http://www.bing.com/fbf/search
2) Query string components:
2a) form=FBKBFT
2b) pc=FACEBK
2c) signed_request=

Going to http://www.bing.com/fbf/search loads up what appears to be the facebook bing searcher. If you go to facebook and use the search at the top to look for anything, then go to Web Results, you'll see it uses bing as well.

I believe that bing's facebook integration is somehow passing some sort of invalid data in the signed_request query string. Unfortunately, I'm just the sysadmin and the server I'm seeing this on is one of my customers', one that doesn't care about the error. I've filtered it using syslog-ng to a separate log file, along with a whole slew of other errors coming from php facebook stuff.
