Problem with users of site from facebook
Only users who click to site link from facebook get 520 error.
All work normally if I copy this link to mobile browser. Othe user dont have problems.
And strange record in server log
"141.101.105.63 - - [28/Mar/2024:15:45:48 +0000] "-" 000 0 "http://m.facebook.com/" "Mozilla/5.0 (Linux; Android 13; 2209116AG Build/TKQ1.221114.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/122.0.6261.136 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/456.0.0.39.90;] "
when i click link in Facebook application
Ray ID 86b8d79ebfc15b83
The istructions about facebook from documentation was applied.
with disabled cloudflare proxi I have in log record like this
"x.x.x.x - - [28/Mar/2024:16:36:55 +0000] "GET /?fbclid=IwAR2rkGF9GzVV_cU8UXlYijTFTq1hf5j5jzhUSOPrcII-Z2rx9XR5xFQ32k8 HTTP/2.0" 200 44185 "https://l.facebook.com/" "Mozilla/5.0 (Linux; Android 13; 2209116AG Build/TKQ1.221114.001; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/123.0.6312.77 Mobile Safari/537.36 [FB_IAB/FB4A;FBAV/457.0.0.54.84;] [FB_IAB/FB4A;FBAV/457.0.0.54.84;]""
Facebook
Log into Facebook | Facebook
Log into Facebook to start sharing and connecting with your friends, family, and people you know.
Log in or sign up to view
See posts, photos and more on Facebook.
4 Replies
Sounds like security policy in your headers may be too strict. Your site would block referred users by default to prevent certain attacks.
E.g. Facebook link sends you to https://yoursite.com/deleteaccount?key=assad988932903120913490&otherbrute=stuffs
If I'm not mistaken check out... strict-origin-when-cross-origin
Hm.... thank you
It's atleast one of the policy headers I believe to be conflicting with referrals.
Referrer-Policy!
looks like problem in "HTTP/2 to Origin"
after disabling all work