Facebook Authorization Infinite Loop


So, I came across a wonderful bug in the Facebook OAuth API.

It would continually redirect over and over again, from me to Facebook and back, until the URL got too long for the browser to handle.

All I had in my code was


I read a lot of things and noticed that this is a well documented bug, with absolutely NO fixes that I could see.

It took a while but I found the bug, and perhaps this will help others.

Facebook sends back a &next= URL parameter (why it sends it back, I don’t know), and it turns out this can violate a mod_security rewrite rule. I had to have my host (I probably could have done it myself) add a whitelabel to my domain to allow it to contain a domain at the end of the URL. Ridiculous thing to track down.
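To confirm this kind of loop from request URLs before digging into the WAF, the following is an added example, not code from the original post. It assumes the URL grows because each redirect wraps the previous URL inside `next` (the post only says the URL keeps getting longer); the hostnames and function names are constructed.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

def next_depth(url, param="next", limit=50):
    """Count how many URLs are nested inside `url` through `param`."""
    depth = 0
    while depth < limit:  # limit bounds the work on hostile input
        values = parse_qs(urlsplit(url).query).get(param)
        if not values:
            break
        url = values[0]  # parse_qs has already percent-decoded one level
        depth += 1
    return depth

def find_redirect_loop(urls, param="next", min_run=3):
    """Return (start_index, depths) for the first run of at least `min_run`
    consecutive requests whose nesting depth keeps growing, else None."""
    depths = [next_depth(u, param) for u in urls]
    start = 0
    for i in range(1, len(depths)):
        if depths[i] <= depths[i - 1]:
            start = i  # depth stopped growing: a new run begins here
        elif i - start + 1 >= min_run:
            return start, depths[start:i + 1]
    return None

def wrap(base, inner):
    """Build base?next=<inner> with inner percent-encoded, as a redirect would."""
    return base + "?" + urlencode({"next": inner})

# Constructed sample data (hypothetical hosts, not taken from the post).
CALLBACK = "https://app.example/fb/callback"
LOGIN = "https://login.example/oauth"
hop1 = wrap(LOGIN, CALLBACK)
hop2 = wrap(CALLBACK, hop1)
hop3 = wrap(LOGIN, hop2)
LOOPING = ["https://app.example/", hop1, hop2, hop3]
NORMAL = ["https://app.example/", hop1, "https://app.example/home"]

if __name__ == "__main__":
    for name, trace in (("looping", LOOPING), ("normal", NORMAL)):
        print(name, find_redirect_loop(trace))
```

Feed it one client's request URLs in order, for example from the access log; a hit alongside mod_security denials on the same requests points at the `next` value as the trigger.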

