fix canvas iframe mode, thanks joaopedrogoncalves

facebook/__init__.py

@@ -859,6 +859,9 @@ class Facebook(object):
     in_iframe
         True if the current request is for an HTML page to embed in Facebook inside an iframe.
 
+    is_session_from_cookie
+        True if the current request session comes from a session cookie.
+
     in_profile_tab
         True if the current request is for a user's tab for your application.
 
@@ -922,6 +925,7 @@ def __init__(self, api_key, secret_key, auth_token=None, app_name=None, callback
         self.page_id = None
         self.in_canvas = False
         self.in_iframe = False
+        self.is_session_from_cookie = False
         self.in_profile_tab = False
         self.added = False
         self.app_name = app_name
@@ -1231,6 +1235,7 @@ def check_session(self, request):
         if self.session_key and (self.uid or self.page_id):
             return True
 
+
         if request.method == 'POST':
             params = self.validate_signature(request.POST)
         else:
@@ -1257,10 +1262,12 @@ def check_session(self, request):
             # first check if we are in django - to check cookies
             if hasattr(request, 'COOKIES'):
                 params = self.validate_cookie_signature(request.COOKIES)
+                self.is_session_from_cookie = True
             else:
                 # if not, then we might be on GoogleAppEngine, check their request object cookies
                 if hasattr(request,'cookies'):
                     params = self.validate_cookie_signature(request.cookies)
+                    self.is_session_from_cookie = True
 
         if not params:
             return False
@@ -1371,6 +1378,7 @@ def validate_cookie_signature(self, cookies):
         hasher.update(self.secret_key)
         digest = hasher.hexdigest()
         if digest == cookies[api_key]:
+            params['is_session_from_cookie'] = True
             return params
         else:
             return False

facebook/djangofb/__init__.py

@@ -5,6 +5,7 @@
 from django.http import HttpResponse, HttpResponseRedirect
 from django.core.exceptions import ImproperlyConfigured
 from django.conf import settings
+from datetime import datetime
 
 try:
     from threading import local
@@ -213,4 +214,24 @@ def process_response(self, request, response):
         if not self.internal and request.facebook.session_key and request.facebook.uid:
             request.session['facebook_session_key'] = request.facebook.session_key
             request.session['facebook_user_id'] = request.facebook.uid
+
+        try:
+            fb = request.facebook
+        except:
+            return response
+
+        if not fb.is_session_from_cookie:
+            # Make sure the browser accepts our session cookies inside an Iframe
+            response['P3P'] = 'CP="NOI DSP COR NID ADMa OPTa OUR NOR"'
+            fb_cookies = {
+                'expires': fb.session_key_expires,
+                'session_key': fb.session_key,
+                'user': fb.uid,
+            }
+
+            expire_time = datetime.utcfromtimestamp(fb.session_key_expires)
+
+            for k in fb_cookies:
+                response.set_cookie(self.api_key + '_' + k, fb_cookies[k], expires=expire_time )
+            response.set_cookie(self.api_key , fb._hash_args(fb_cookies), expires=expire_time )
         return response