This forum is in READ-ONLY mode.
You can look around, but if you want to ask a new question, please use Stack Overflow.

How to allow facebook api to bypass sfGuard authentication

Questions relating to sfGuardPlugin or other user management plugins

How to allow facebook api to bypass sfGuard authentication

by epistrophy » Wed Jul 18, 2012 10:00 pm

Hi everyone,

I'm building a music website on Symfony 1.4 and Doctrine 1.2. I'm trying to integrate facebook plugins (like, send, post a message buttons) on my pages. For example, I want users to be able to like a song on a song page in my song module. But the problem is, I've used sfDoctrineGuard to secure all modules on my app except for the landing page. So if a user logs in and uses the facebook like button to like a song on the song page, because that song module is secured by sfGuardAuth, facebook API can't talk to it and gets forwarded to the landing page. This means that all likes on my app get posted on facebook activity feed as if the user liked my landing page.

Is there a way to build an exception into sfGuard so that any traffic coming from facebook can access that page? Is there a workaround to this? I want to be able to show all the facebook meta data from my secured pages, for whichever song is liked, on a facebook wall. If I disable all sfGuard security, it works fine.

Any help would be great as I'm stumped and haven't found any one else with this problem. Thanks.
epistrophy
Junior Member
 
Posts: 6
Joined: Tue Oct 04, 2011 2:20 am

Re: How to allow facebook api to bypass sfGuard authenticati

by smartblogger » Fri Sep 13, 2013 10:22 am

Well, it could be a huge security hole if you want to allow request from Facebook to be able to by pass your sfGuard security. If someone click that link on Facebook, it will also have access to your website without having to be logged in.

You might find a work around by tweaking the Facebook bot who scrape your page. The user agent of the scraper is: "facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)".
smartblogger
Junior Member
 
Posts: 1
Joined: Fri Sep 13, 2013 10:14 am