What do I do if I get a "you may be a victim of cross-site request forgery" message?
If, after installing and configuring the Facebook login button, you click the login button and get this message:
or this message:
"You may have not allowed the email address to be used or The token is not valid. You may be a victim of cross-site request forgery or the connect method to the Facebook URL with HTTPS is not allowed. Please contact the merchant to warn him."
then check the URLs entered in the configuration of your Facebook application, both the callback URL in the "Facebook Login" -> "Settings" tab and the URLs in the "Settings" -> "Basic" tab:
- check that all URLs start the same way (for example, if one URL starts with "https://www", all the others must also start with "https://www" and not just "https://" without the "www")
- check that the callback URL uses "https" (and not just "http") in "Valid OAuth Redirect URIs" in the "Facebook Login" -> "Settings" tab
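
The two checks above can be run over the URLs copied from the Facebook application settings before testing the login button again. This is an added example, not code from the module or from Facebook; the function name, the field labels and the example.com URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def _prefix(url):
    """Return (scheme, host) in lower case, or None if the URL is not absolute."""
    parts = urlsplit(url.strip())
    if not parts.scheme or not parts.hostname:
        return None
    return parts.scheme.lower(), parts.hostname.lower()


def _bare(host):
    """Host name without a leading 'www.' label."""
    return host[4:] if host.startswith("www.") else host


def check_facebook_urls(callback_url, other_urls):
    """Compare the callback URL with the other configured URLs.

    other_urls maps a label of your choice (hypothetical, e.g. "site_url")
    to the URL entered in the "Settings" -> "Basic" tab.
    Returns a list of human-readable problems; an empty list means consistent.
    """
    cb = _prefix(callback_url)
    if cb is None:
        return [f"callback URL is not an absolute URL: {callback_url!r}"]
    problems = []
    if cb[0] != "https":
        problems.append(f"callback URL must use https: {callback_url}")
    for label, url in other_urls.items():
        cur = _prefix(url)
        if cur is None:
            problems.append(f"{label}: not an absolute URL: {url!r}")
            continue
        if cur[0] != cb[0]:
            problems.append(f"{label}: scheme '{cur[0]}' differs from callback '{cb[0]}'")
        if cur[1] != cb[1]:
            same_site = _bare(cur[1]) == _bare(cb[1])
            kind = "'www' prefix mismatch" if same_site else "different host"
            problems.append(f"{label}: {kind} ({cur[1]} vs {cb[1]})")
    return problems


if __name__ == "__main__":
    # Constructed sample values: the callback lacks https and the site URL lacks "www".
    for line in check_facebook_urls(
        "http://www.example.com/module/facebook/callback",
        {"site_url": "https://example.com/"},
    ):
        print(line)
```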