I just got bitten by this. I was visiting a news site and opened ~30 tabs to things I wanted to read. And then those tabs just showed me an error message. Frustrating :(
Edit: Might be worth noting that logging out of FB "fixed" this for me. (But I had to go back and re-open all those tabs.)
works fine for me, perhaps because I have never used Facebook to log into it.
AFTER EDIT: Replying to the kind reply to this comment, I am ALWAYS logged in to Facebook (with AdBlock Plus and Social Fixer and Ghostery activated, using Chrome), and I was surfing all over the Web completely normally while sites were reported to be redirecting. So maybe something different about my set-up protected me from the problems many other users observed today.
It's not whether you've ever used Facebook to log into The Economist's site, but whether you were logged into Facebook at all. If you were, you were redirected.
EDIT: By the timestamp on your comment, the issue appears to have been fixed, anyway.
With Ghostery running, it should not even load anything from a Facebook domain. The (buggy) code to redirect people to facebook.com would no doubt be served fromFacebook themselves. Stopping that code from being served to your browser means they can't redirect.
I absolutely love Ghostery and other related tools.
As pointed out in the previous post, you should not rely 100% on Facebook as your Auth gateway. You should have an alternative for your users to login in case of something like this happens.
from the same article:
" Instead, the company is standardizing the interactions between Facebook and third parties via Facebook's new Open Graph protocol and the OAuth 2.0 standard."
Does this only affect those logged in to Facebook? I quit Facebook for a year so I'm not sure whether it is fixed or whether I was just not bothered by it at all
Appears to be "fixed" now. Economist.com no longer redirects. FB's own developer pages (https://developers.facebook.com/roadmap/) used to manifest this too, and no longer do.
Or give up closed, centralized systems altogether and take a look at Mozilla's Persona project -- the open web deserves open, federated authentication systems.
(N.B.: I work on Persona, and it does have a centralized fallback for bootstrapping browsers and identities. The difference is that the centralization is temporary, optional, and automatically goes away over time.)
A perfect case study in why the current practice of "just add a script tag with 'facebook.com/whatever.js' into your page and all your LIKE buttons will work magically!" is an absolutely terrible idea.
This particular bug is just as likely either way; the js must be changing window.location, there's no reason to think the iframe wouldn't change window.top.location.
It's only a terrible idea if you don't have a kill switch. It's also only a terrible idea if the benefits do not outweigh the costs of something like this happening (and you being unable to respond to it.)
Adding the JS file is simple and up until now has always worked. If it ends up driving tons of traffic back to your site it seems worth it.
'Absolutely terrible' is a just a wee bit hyperbolic. It is an idea that has positives and negatives, but you only notice it when it does this. And how many times has it done this since they've implemented it?
Broken behavior related to this happens quite often actually. I've had sites that were bitten by this or some variant. If you follow the Facebook bug tracker it comes up every now and then (it might be localized to a degree in some cases). They do move fast and I think fix it quickly in most cases. In fact there was something that was broken just last week here on HN but the behavior wasn't something that affected so many sites to this degree.
Again, building large things on big proprietary services is a bad idea unless you understand what you're getting into.
I can almost guarantee that the folks that implemented FB connect didn't understand that the failure mode could forward all traffic to FB. I have no idea how that could become a rational design decision.
59 comments
[ 3.4 ms ] story [ 121 ms ] threadEdit: Might be worth noting that logging out of FB "fixed" this for me. (But I had to go back and re-open all those tabs.)
http://www.economist.com/
works fine for me, perhaps because I have never used Facebook to log into it.
AFTER EDIT: Replying to the kind reply to this comment, I am ALWAYS logged in to Facebook (with AdBlock Plus and Social Fixer and Ghostery activated, using Chrome), and I was surfing all over the Web completely normally while sites were reported to be redirecting. So maybe something different about my set-up protected me from the problems many other users observed today.
EDIT: By the timestamp on your comment, the issue appears to have been fixed, anyway.
I absolutely love Ghostery and other related tools.
Facebook Connect was deprecated in 2010
http://mashable.com/2010/04/21/facebook-kills-facebook-conne...
from the same article: " Instead, the company is standardizing the interactions between Facebook and third parties via Facebook's new Open Graph protocol and the OAuth 2.0 standard."
(N.B.: I work on Persona, and it does have a centralized fallback for bootstrapping browsers and identities. The difference is that the centralization is temporary, optional, and automatically goes away over time.)
Adding the JS file is simple and up until now has always worked. If it ends up driving tons of traffic back to your site it seems worth it.
I can almost guarantee that the folks that implemented FB connect didn't understand that the failure mode could forward all traffic to FB. I have no idea how that could become a rational design decision.
And, they are surely breaking.