I wanted to investigate how the facebook login transfer data to the main page ( mypage) - despite the cross domain boundary limitation.
And so I created a new page with the FB js sdk
code :
FB.login(function (response)
{
if (response.authResponse)
{...
It does open the popup :
But when I investigated to see if I have any Iframes on my page ( My code doesn't contain any iframes) :
I saw this :
>>$("iframe")
result :
[
<iframe name=?"fb_xdm_frame_http" frameborder=?"0" allowtransparency=?"true" scrolling=?"no" id=?"fb_xdm_frame_http" aria-hidden=?"true" title=?"Facebook Cross Domain Communication Frame" tab-index=?"-1" src=?"http:?/?/?static.ak.facebook.com/?connect/?xd_arbiter.php?version=24#channe…l_path=%2FWebSite2%2FHTMLPage3.htm%3Ffb_xd_fragment%23xd_sig%3Df5252874%26" style=?"border:? none;?">?…?</iframe>?
,
<iframe name=?"fb_xdm_frame_https" frameborder=?"0" allowtransparency=?"true" scrolling=?"no" id=?"fb_xdm_frame_https" aria-hidden=?"true" title=?"Facebook Cross Domain Communication Frame" tab-index=?"-1" src=?"https:?/?/?s-static.ak.facebook.com/?connect/?xd_arbiter.php?version=24#cha…l_path=%2FWebSite2%2FHTMLPage3.htm%3Ffb_xd_fragment%23xd_sig%3Df5252874%26" style=?"border:? none;?">?…?</iframe>?
]
I read that they are used for the cross domain.
But the question is why are they on MY PAGE ?
They should be somewhere on facebook internal pages!
I'm saying it because I know that the Iframe technique works like this :
As you can see - the internal Iframe creates another iframe with the SRC
value from query string (the value is the top page url actually) , and then , with JS on both pages + URL => JS
trigger functions , we can do :
top.sendData({...})
What am I missing ?
- How does the data is being passed from the FB login to my page ?