Some Update & Security Feature

[youyi1314]

Sorry that i dont know how to pull requests. below is what to update: Added [appsecret_proof] after [access_token] to Contracts/Bot.php 'appsecret_proof' => hash_hmac('sha256', $this->token, getenv('FACEBOOK_APP_SECRET')), Noted: getenv('FACEBOOK_APP_SECRET') is app secret

Added Hide Share Button at Messages/UrlButton.php

now can hide share function at Webview : https://developers.facebook.com/docs/messenger-platform/send-api-reference/url-button

https://github.com/CasperLaiTW/laravel-fb-messenger/pull/66/files#diff-e9843cfb4dc44a8337e65ebdbc948b5b

Below is my custom some feature at Collections/ButtonCollection.php

/**

• Add web url button with messenger extensions
• @param $text
• @param $url
• @param bool $share
• @param string $webviewType

• @return ButtonCollection */ public function addExtWebButton($text, $url, $share = false, $webviewType = UrlButton::TYPE_FULL) { $button = new UrlButton($text, $url); $button->useMessengerExtensions(); $button->setWebviewHeightRatio($webviewType); if($share){ $button->hideShareButton(); } $this->add($button);

  return $this;

  }

Thanks

[CasperLaiTW]

Hi @youyi1314

I have no idea why need appsecret_proof.

I didn't see to use it on Messenger platform.

[youyi1314]

@CasperLaiTW this is Facebook Api Security setting you may check out here: https://developers.facebook.com/docs/graph-api/securing-requests

[CasperLaiTW]

Thank you

I will review it and check how is working. Looking like have to turn on Require App Secret.

I will test if turn off and added appsecret_proof - then what's happened

[youyi1314]

sure, I tested before, it work both enable or disable. If disable it just ignore (appsecret_proof). Thanks