Open apasov opened 7 years ago
SammyK
commented
7 years ago Hey @apasov! Thanks for the contribution! I'm certainly willing to accept this PR if you revert the route back to supporting both GET and POST. The reason is there are lots of Facebook apps and page tabs that have multiple pages. So the first hit will be a POST, then the user clicks on another link (within the canvas) and then back to home page and then it's a GET request. So the route needs to support both. :)
apasov
commented
7 years ago Hey @SammyK! Thanks, I'm glad my contribution was useful! Ok, I reverted the route back to both POST and GET. However, I still think it's not a very good solution. I believe that for the situation you described a much better approach would be to create a separate GET route without Canvas/PageTab helpers token validation logic in it, rather than combine both POST and GET in a single route. But that's just my opinion. :)
While implementing Login From App Canvas as described here I encountered some problems. I think the solution I've found should be described in the Troubleshooting section. The main problem is that if Canvas or Page Tab URL has a trailing slash then web server performs a 301 redirect and the POST'ed signed_request is lost. Also I think that Route::match(['get', 'post'] is wrong (and in my case it was misleading) because both Canvas and PageTab helpers will always obtain null access token from a GET request. It should be Route::post in both examples.