I have an <fb:requestform>
in an iFrame Facebook app. I have set target="_parent", so that the callback will target the parent iFrame and not itself, which seems to work as expected. But, instead of my desired file loading, I get redirected to my server. Checking the response of the requestform's POST in Firebug revealed this:
<script type="text/javascript">
top.location.href = "http://www.facebook.com/login.php?api_key=***&v=1.0&req_perms=&next=http%3A%2F%2F***";
</script>
I have already had this same problem when sending jQuery AJAX requests to update various elements in an iFrame. I solved the problem by making sure my headers contain P3P: CP="CAO PSA OUR"
. That is indeed set for this call as well (can be seen clearly in Firebug), but I still get redirected to facebook.com/login.php.
I eventually ended up working around this problem rather than solving it. Instead of using require_login() on most of my pages, I store the user's Facebook ID and their session key in session variables and use those to "reinstantiate" the user (using $facebook->set_user()) on subsequent page calls.