Gotchas
From Facebook Developers Wiki
This page lists tricky or subtle bits that may not be perfectly explained the documentation or clear in the examples. Ideally, they will be, but it's easier to track them on the wiki and make it available in the meantime before the official documentation gets updated.
[edit] Client Library Gotchas
- This just changed today (5/23): to force logging in to the canvas page, specify &canvas at the end of your /login.php? URL.
- Undefined index: facebook_config in /var/www/lib/facebook-platform/client/facebookapi_php5_restlib.php
- The current iteration of the php5 client library looks for a variable $facebook_config['debug'] in GLOBALS, you can suppress this error by defining $facebook_config['debug'] = false (Where?) (answer: anywhere before including facebook.php)
- To avoid having to define this value on each page, you can change the class to check if that value exists. [Code: if (isset($GLOBALS['facebook_config']['debug']) && $GLOBALS['facebook_config']['debug']) { ... } ]
[edit] FBML Bugs
[edit] Apostrophes in profile FBML
Facebook seems to be doing some kind of content translation (like PHP's htmlentities()) on FBML that ends up in the profile blocks.
This manifests itself with HTML like this:
Check out Beau's Digg Profile.
The HTML source looks like:
Check out Beau's Digg Profile.
Which means that it's actually being escaped twice.
The PHP source looks like:
<fb:name uid="..." firstnameonly="true" possessive="true" useyou="false" />
[edit] FBML Gotchas
[edit] <fb:if-is-app-user>
The FBML tag <fb:if-is-app-user> operates on whether the user has agreed to the TOS (which is separate from whether a user has added the app. That is the tag <fb:if-user-has-added-app>.).
[edit] Defining attributes
If the default value of an attribute conflicts with an attribute you explicitly define, you must explicitly nullify the default value.
ie: <fb:name uid="12345" /> - returns 'you' if you're logged in
<fb:name firstnameonly="true" uid="12345" /> - ALSO returns 'you' if you're logged in
<fb:name firstnameonly="true" useyou="false" uid="12345" /> - returns "John" (or your first name)
[edit] Canvas Page Tips
If you're having trouble with your canvas page, a useful way to debug it is to hit "view source". If you're logged in as the developer of the application, it will show in an HTML comment at the top of the page the FBML that your canvas page returned to us. This only works if you're logged in as the developer of the app.
[edit] fb:silverlight
Attributes are: imgsrc, height, width, imgstyle, imgclass, silverlightsrc, swfbgcolor
[edit] Make sure your callback URL doesn't do a redirect!
This is probably a Facebook bug. If your callback URL is, e.g. http://foo/bar, and bar is a directory, your web server might issue a redirect to http://foo/bar/ (normal behavior for a web server). In that case, Facebook's server will fetch http://foo/bar/, but it will *not* send the POST data it sent in the initial fetch. So your code won't get any of the parameters that identify which user is logged in, etc.
The easy workaround is to make sure you have a "/" at the end of your URL if you want to point at a directory rather than at a particular file.
In addition, pyfacebook and facebook began a redirect loop after adding an application twice in short succession. I recreated my facebook app which gave me a new api key and fixed the problem
If using apache mod_rewrite and you keep getting "too many redirects" or 404 file not found errors when using canvas pages, you can resolve this by forcing sending a HTTP 200 Header, using PHP
<?php
header("HTTP/1.1 200 OK");
?>
[edit] Dynamic Content Gotchas
Facebook currently caches all content that appears in profile boxes on the page. This means that the majority of the FBML can be considered as parsed in advance of each profile page load, so content specific to a user viewing the page cannot feasibly be generated in a way other than Flash. This even applies for fb:ref tags.
See Also http://wiki.developers.facebook.com/index.php/Changing_profile_content
[edit] Privacy Policy
If your page that embedded in the iframe uses cookies you must have a privacy policy setup on your site for Internet Explorer to set the cookie under default IE security settings. See http://www.w3.org/P3P/ for more info.
[edit] Code Pushes
Facebook rarely notifies the developer community of changes to the API before they go live. Always remember to check your applications regularly for errors due to API changes.
[edit] IE 30 Style Tags Limit
Note the resolution:
RESOLUTION To work around this limitation, combine multiple classes into a single style tag.
This is, of course, infeasible with the way Facebook embeds apps.
Here's a link to a discussion thread discussing this issue
[edit] IE does not check for new versions of a SWF
If you use fb:swf in a profile page (via profile.setFBML), users on IE who have downloaded your SWF will not get updates when you post them to your server. Facebook retrieves the SWF from your site and the user's browser caches it. If you publish a new version of your SWF with the same full path on your server (e.g., http://myserver.com/myswf.swf), IE will not send a GET request with an If-Modified-Since tag to the server. So users who have previously downloaded your SWF will not see your update.
This problem does not occur in Firefox on Windows. Firefox caches the SWF and sends your server an If-Modified-Since request. If the SWF has been modified, it gets the new version.
Verified on IE7 in Windows XP. Unverified on other browsers and OSes.
For best effect, the following workaround should be implemented before you publish your first SWF:
Workaround:
- Use fbml.setRefHandle to create a ref handle that references FBML that looks like this: <fb:swf swfsrc="http://myserver.com/myswf.swf?v=1">. Note the version number v=1 at the end of the URL. Later you will change this.
- Anywhere you would have used <fb:swf> in your profile.setFBML call, use <fb:ref> instead, referencing the handle you created in the previous step. Don't use <fb:swf> directly. Using <fb:ref> allows you to make mass-updates to everyone's profile in a single call (see next step).
- When you need to update your SWF:
- Post a new version to your server, overwriting the old one. E.g., myswf.swf.
- Use fbml.setRefHandle again to update the FBML on everyone's profile page. Change the URL's parameter list to use the new SWF version number, like this: <fb:swf swfsrc="http://myserver.com/myswf.swf?v=2">. Changing the URL parameter list causes IE to treat this as a different SWF than the one in its cache.
[edit] PHP Sessions
- PHP's cookie-based session handling will not work in Facebook applications. If you need it, put the following code snippet at the top of every page that requires sessions:
session_destroy(); // this line may not be necessary and may generate php warnings?
if (isset($_POST["fb_sig_session_key"]))
{
$_fb_sig_session_key = str_replace("-","0",$_POST["fb_sig_session_key"]);
session_id($_fb_sig_session_key);
}
session_start();
[edit] Debugging 500's
Sometimes your app will throw a 500 but because it's so tightly coupled with Facebook it's hard to see exactly what's going on. Thankfully Facebook comments out the response page and adds it to the view. Next time you see a server error on your canvas page, check the source to see exactly how your server responded.
