Pass appsecret_proof
as a query string parameter as it maybe be ignored if passed in as a body parameter
#1070
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Specifically for some
POST
requests in current implementation we getAPI calls from the server require an appsecret_proof argument
response. Some POST endpoints will send the HTTP body with form encoded data, which would mean the body parameters are ignored.Tangibly related it may be worth also implementing it following https://developers.facebook.com/docs/facebook-login/security/#proof (using timestamp in proof computation is not enforced but recommended by FB)