Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.

Facebook Connect publish_actions leads to "Login Review" warning

edited November 2015 in Vanilla 2.0 - 2.8

I get the following strange popup when trying to use Facebook Connect for the first time (Vanilla 2.2):

After doing a bit of research, I believe this is because Vanilla is trying to request the publish_actions permission from FB Connect. I think this is needed for Automatic Social Share. However, it seems to request it even if Automatic Social Share is turned off.

If this is really the desired behavior, then the documentation in this guide needs to be updated. To actually get Facebook to grant publish_actions to your app, you need to explicitly request permission from the Facebook team via a Login Review. This is not a step that's listed in the guide, and if you don't do it, it leads to the warning message above. You may want to edit the blog post to note that.

Either way, once I click the "Okay" button, I now get a second scary looking popup, which I assume is again because Vanilla wants publish_actions:

All this does is create friction in signup and scare my users. Again, I don't think publish_actions is needed for anything but Automatic Social Share, and I don't even want that anyway. However, Vanilla seems to demand publish_actions whether I have it turned on or off.

Is this really the desired behavior?

Can I turn publish_actions requesting off?

I found out how to do it in the source code, but I don't know if there's a more elegant way to get the job done.

EDIT: after some thought, I've also noticed I don't have the problem with this forum here. Did you folks patch the source manually to stop this from happening, or is there something I've done wrong on my end?

Comments

  • add this in conf/config.php

    $Configuration['Plugins']['Facebook']['Scope'] = Array('email','public_profile');

    This will help

  • Yes, that's what I ended up doing. However, I'm concerned that I'll have to re-patch this every time I upgrade.

    I don't know much about how we're supposed to handle these sort of things - is it recommended people wrap their hotfixes in the "plugin" architecture, so you don't have to end up modifying core? Or do people just maintain a list of hotfixes to core that they re-apply when they upgrade?

  • Sorry, I misread - you want me to add it to config.php, not edit the Facebook plugin directly. OK, I understand. Finally starting to get the hang of the way Vanila works :)

Sign In or Register to comment.