+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forumdisplay.php?fid=5)
+--- Forum: General Help (https://forum.codeigniter.com/forumdisplay.php?fid=24)
+--- Thread: Facebook Webhooks API (/showthread.php?tid=68026)
Facebook Webhooks API - tan87 - 05-11-2017
Not sure whether you guys can help me out here.
I have worked on CI for other project and it is working perfectly fine.
However, when I am trying to use CI for one of my Facebook Webhooks projects, it seems that CI is filtering the data posted from Facebook but if i create a standalone PHP file using the same code (except the GET/POST function which using CI $this->input), it is working fine.
When I enable CI debug mode, this is the debug log available:
DEBUG - 2017-05-12 02:18:51 --> Global POST, GET and COOKIE data sanitized
I have checked the HTTP log as well, HTTP 403 is returned for all Facebook post to CI.
I would really like to use CI for all my project. Hope someone out there will have some idea
RE: Facebook Webhooks API - Martin7483 - 05-12-2017
Is CSRF protection enabled?
RE: Facebook Webhooks API - tan87 - 05-12-2017
Does not seems to work too as I disable it.
RE: Facebook Webhooks API - antony - 05-12-2017
Could you provide an example of what you're trying to achieve, and how you tried doing it in CI?
RE: Facebook Webhooks API - tan87 - 05-14-2017
Thanks antony.
Ok, when performing Facebook verification, FB send a GET request to CI and it is working fine for the verification part.
Quote:if (isset($_GET['hub_verify_token'])) {However, when FB do a postback for data , it is posting via POST which we need to extract it using this code. This code is inside the controller.
if ($_GET['hub_verify_token'] === 'lgC5XeJwYCJgaMfdTzit') {
echo $_GET['hub_challenge'];
return;
} else {
echo 'Invalid Verify Token';
return;
}
}
$input = json_decode(file_get_contents('php://input'), true);
However, CI response 403. No matter what I do.
RE: Facebook Webhooks API - InsiteFX - 05-14-2017
Do you by any chance have xss_clean turned on?
I checked the input core and it does nothing to the input stream unless you have xss_clean turned on.