How can I identify that, either my Facebook app is running inside Facebook canvas or outside canvas (as we access website like www.example.com).
I tried to get URL staying inside Facebook canvas like:
echo $_SERVER["SERVER_NAME"].$_SERVER["REQUEST_URI"];
but it return the same URL like outside of the canvas. I visited this link, but I didn't find any useful material.
Look to see if $_POST['signed_request'] is set. When your app URL is requested inside the canvas or inside a page-tab then Facebook sends the signed request POST parameter to the server. When it is not set, you can be confident the application is running outside of Facebook.
You can decode $_POST['signed_request'] with the following code, if you need to get some of the data it contains:
function parse_signed_request($signed_request) {
list($encoded_sig, $payload) = explode('.', $signed_request, 2);
$secret = "appsecret"; // Use your app secret here
// decode the data
$sig = base64_url_decode($encoded_sig);
$data = json_decode(base64_url_decode($payload), true);
// confirm the signature
$expected_sig = hash_hmac('sha256', $payload, $secret, $raw = true);
if ($sig !== $expected_sig) {
error_log('Bad Signed JSON signature!');
return null;
}
return $data;
}
function base64_url_decode($input) {
return base64_decode(strtr($input, '-_', '+/'));
}
If you don't need the data, just check that it is set.