LaravelFacebookSdk: Cross-site request forgery validation failed. Required param "state" missing.
I don't know why, but I started getting this issue suddenly. I tried to debug and found that in the FacebookRedirectLoginHelper the function validateCsrf() does not get the saved state:
$savedState = $this->persistentDataHandler->get('state');
I am not sure how to resolve this. I tried printing both $state and $savedState, and I get $savedState as null.
Where am I making a mistake with this?
```php
class FacebookController extends Controller {

    public function fbConnect(LaravelFacebookSdk $fb)
    {
        // Obtain an access token.
        try {
            $token = $fb
                ->getRedirectLoginHelper()
                ->getAccessToken();
        } catch (\Facebook\Exceptions\FacebookSDKException $e) {
            dd($e->getMessage());
        }

        // Debugging: dump the token and stop.
        dd($token);

        // Access token will be null if the user denied the request
        // or if someone just hit this URL outside of the OAuth flow.
        if (! $token) {
            // Get the redirect helper
            $helper = $fb->getRedirectLoginHelper();

            if (! $helper->getError()) {
                abort(403, 'Unauthorized action.');
            }

            // User denied the request
            dd(
                $helper->getError(),
                $helper->getErrorCode(),
                $helper->getErrorReason(),
                $helper->getErrorDescription()
            );
        }

        // Long lived token code after this
    }
}
```
About this issue
- State: closed
- Created 9 years ago
- Comments: 29 (4 by maintainers)
@epicsurf, @sachintaware I’ve done a hack for the moment inside Facebook’s SDK to bypass this. I didn’t succeed in finding what’s generating this session problem. I’ve encountered it on MAMP and CentOS. At the beginning I thought it was only from MAMP, but it looks like it’s also present in our prod apps.
I commented out line 249 from FacebookRedirectLoginHelper.php.
Somehow the session vars $state and $savedState from line 268 in the same file are not being saved.
I’m not so OK with my time to debug the sessions and get to the roots of the bug. Maybe someone with more time could help us?
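The state check discussed in this thread, modelled as an added stand-alone PHP example (not code from the Facebook SDK or LaravelFacebookSdk; `ArrayStateStore`, `issueState` and `validateState` are hypothetical names). It shows a callback being accepted when the saved state survives between the two requests and rejected, fail-closed, when the saved state comes back null.

```php
<?php
// Added illustration: stand-alone model of an OAuth "state" check, not SDK code.
declare(strict_types=1);

/** Hypothetical store standing in for a session-backed persistent data handler. */
final class ArrayStateStore
{
    private array $data = [];
    public function get(string $key): ?string { return $this->data[$key] ?? null; }
    public function set(string $key, string $value): void { $this->data[$key] = $value; }
}

/** Request 1 (login link): create an unguessable state and persist it server-side. */
function issueState(ArrayStateStore $store): string
{
    $state = bin2hex(random_bytes(16));
    $store->set('state', $state);
    return $state; // travels to the provider and back in the redirect URL
}

/** Request 2 (callback): fail closed unless the returned state matches the saved one. */
function validateState(ArrayStateStore $store, ?string $returned): void
{
    $saved = $store->get('state');
    if ($saved === null) {
        // The situation reported in this thread: nothing was persisted for this visitor.
        throw new RuntimeException('Saved state missing: session did not persist between requests.');
    }
    if ($returned === null || !hash_equals($saved, $returned)) {
        throw new RuntimeException('State mismatch.');
    }
}

// Constructed scenario A: the same store is seen on both requests (session survived).
$session = new ArrayStateStore();
$state = issueState($session);
validateState($session, $state);
echo "A: callback accepted\n";

// Constructed scenario B: the callback sees an empty store, for example because the
// session cookie was not sent back or the session was never written.
try {
    validateState(new ArrayStateStore(), $state);
} catch (RuntimeException $e) {
    echo "B: rejected - ", $e->getMessage(), "\n";
}
```

A null saved state means the value written on the login-link request is not visible on the callback request, so debugging belongs in session persistence between those two requests rather than in the comparison itself.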