What do I do if I get a "you may be a victim of cross-site request forgery" message?
If after installing and configuring the Facebook login button, when you click on the login button you get this message:
or this message:
"You may have not allowed the email address to be used or the token is not valid. You may be a victim of cross-site request forgery or the method of connecting to the Facebook URL with HTTPS is not allowed. Please contact the merchant to warn him."
then you have to check the URLs indicated in the configuration of your Facebook application, both the callback URL in the "Facebook Login -> Settings" tab, and the URLs indicated in the "Settings -> "Basic" tab:
- check that all URLs start the same way (for example, if a URL starts with "https://www" all others must start with "https://www" and not just "https://" without the "www")
- check that the callback URL is in "https" (and not just "http") in "Valid OAuth Redirect URIs" in the "Facebook Login" -> "Settings" tab
Other FAQs in this category
- Why are the email addresses of the Facebook login button users not being retrieved correctly?
- Why don't my login buttons appear on the login page?
- Why does Google give me the error "You do not have permission to access this document"?
- What can prevent my customers from logging in automatically after they click on the login button?
- How do I change CSS & templates files in order to integrate my theme ?