Facebook application, how to check if inside Facebook canvas / standalone using PHP?

Question

Hi there,

I want to develop a Facebook connect application that can operate both inside a Facebook canvas or standalone.

Can I check if the user is using Facebook canvas / not using the official Facebook PHP client library?

Thanks, Andree

Answer 1

Hi,

I had this same question. I discovered facebook does the following:

IP Addresses:

In a canvas page Facebook will pass the calling user's IP address to you in an additional HTTP header called X-FB-USER-REMOTE-ADDR.

from: http://wiki.developers.facebook.com/index.php/Your_callback_page_and_you

Check for this header and if it's set, you're on facebook. I bet there's another method to check, but this will work until you can find a better method.

Also, I'm not a security expert, but I suspect a hacker could also send this header, and that could result in unexpected behavior from your app when outside facebook. Keep this in mind when utilizing this info fb sends.