Use appsecret_proof instead of checking app.id

[satococoa]

Add appsecret_proof parameter when we get /me. In this way, we don't have to access /app to validate that the token belongs to the application.

https://developers.facebook.com/docs/graph-api/securing-requests#appsecret_proof

[Zverik]

It fails with:

NoMethodError (undefined method `[]' for nil:NilClass):
  config/initializers/cors.rb:9:in `call'

[SoapSeller]

@satococoa I've finally got around to merge this, also, I've given you direct access to the repository. Do with it whatever you want (:

Thanks!

[satococoa]

@SoapSeller I see. Thanks! 👍