ABE blocks local facebook app development
Posted: Thu Oct 27, 2011 10:52 pm
Hey guys,
I'm a facebook developer and one of the most common things that you do for developing locally is host map a dummy domain name "mydomain.localhost.com", or similar, to 127.0.0.1 and put that in as your Canvas URL. This allows you to run a server on your local machine, but develop with the full facebook api that you get within a canvas iFrame. The problem, though, is that ABE in NoScript completely blocks this and unless you explicitly put in '127.0.0.1' or 'localhost', you don't even get a notification that it's being blocked. That's a biggie for me, because I lost quite a bit of time thinking that it was my server, my app settings, my problem, my problem because as I said, I got *no notification* about it happening, in Firebug, I'd just see the call to my local server hanging, nothing more.
Anyway, after finding out what was the cause, I definitely like what ABE is doing, and would like to share the solution. In the ABE SYSTEM ruleset, it should already have
You've just got to append your app url to that "Accept from" line,
That's the solution, but not notifying you when those requests are being blocked *really* needs to be fixed.
I'm a facebook developer and one of the most common things that you do for developing locally is host map a dummy domain name "mydomain.localhost.com", or similar, to 127.0.0.1 and put that in as your Canvas URL. This allows you to run a server on your local machine, but develop with the full facebook api that you get within a canvas iFrame. The problem, though, is that ABE in NoScript completely blocks this and unless you explicitly put in '127.0.0.1' or 'localhost', you don't even get a notification that it's being blocked. That's a biggie for me, because I lost quite a bit of time thinking that it was my server, my app settings, my problem, my problem because as I said, I got *no notification* about it happening, in Firebug, I'd just see the call to my local server hanging, nothing more.
Anyway, after finding out what was the cause, I definitely like what ABE is doing, and would like to share the solution. In the ABE SYSTEM ruleset, it should already have
Code: Select all
Site LOCAL
Accept from LOCAL
Deny
Code: Select all
Site LOCAL
Accept from LOCAL apps.facebook.com/<appname>/
Deny