How to fix Facebook apps “Error: Can’t Load URL: The domain of this URL isn’t included in the app’s domains”

by Edward on

UPDATE – March 2018

Facebook has been aggressively tightening security. Any new Facebook Login Apps created AFTER the beginning of March 2018 now have Use Strict Mode for Redirect URIs and Enforce HTTPS enabled by default, and these settings can no longer be disabled.

Facebook Login App with Enforce HTTPS & Use Strict Mode for Redirect URIs enabled by default

So what does this mean?

Two things. Firstly, you can no longer use Facebook Login if your site isn’t HTTPS. It’s annoying for sure, but most hosting providers now provide free SSL certificates through Let’s Encrypt. Usually it’s just a case of enabling it. If your hosting provider doesn’t then I’d strongly recommend switching hosts. HTTPS is encrypted and therefore more secure. It also now affects your Google Ranking and soon Google will be putting ‘Insecure’ warnings next to sites without it in their search results. There’s pretty much no good reason not to have HTTPS these days.

Secondly, it means that you now have to put the exact return URL into the Valid OAuth Redirect URIs input. Previously, with strict mode disabled, you could just put your domain name in and that would be enough. Now it has to be the exact URL that you return to once you’ve authorised with Facebook. This will be different depending on the App you’re using to connect to Facebook. If you’re using WP Native Articles it’s:

http://your-site.com/wp-admin/admin.php?page=wpna_facebook&tab=api&wpna-action=facebook_login

Read more about Enabling Use Strict Mode for Redirect URIs with WP Native Articles.

If you’re unsure what your callback URL should be, get in touch with the makers of the App you’re using or check the documentation.
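To check a callback URL against what you've entered in Valid OAuth Redirect URIs before saving, here is an added example (not code from Facebook or WP Native Articles) that models the two behaviours described above: the old domain-only match and strict mode's exact match plus HTTPS. The function names and the matching logic are assumptions for illustration, and your-site.com is a placeholder.

```python
from urllib.parse import urlsplit

# Constructed sample: the WP Native Articles callback path on a placeholder domain.
CALLBACK = ("https://your-site.com/wp-admin/admin.php"
            "?page=wpna_facebook&tab=api&wpna-action=facebook_login")


def split_entry(entry):
    """Parse a registered entry, which may be a bare domain or a full URL."""
    return urlsplit(entry if "://" in entry else "//" + entry)


def loose_match(callback, registered):
    """Simplified model of strict mode off: any entry on the same domain passes."""
    host = urlsplit(callback).hostname
    return any(host and split_entry(e).hostname == host for e in registered)


def strict_check(callback, registered):
    """Problems under Enforce HTTPS + strict mode; an empty list means it passes."""
    problems = []
    cb = urlsplit(callback)
    if cb.scheme != "https":
        problems.append("callback is not HTTPS")
    if callback in registered:
        return problems
    hints = []
    for entry in registered:
        reg = split_entry(entry)
        # Report the first component where this entry diverges from the callback.
        for field in ("scheme", "hostname", "path", "query"):
            if getattr(cb, field) != getattr(reg, field):
                hints.append(f"{entry!r} differs in {field}")
                break
    problems.append("no exact match" + (": " + "; ".join(hints) if hints else ""))
    return problems


if __name__ == "__main__":
    for registered in (["your-site.com"],
                       ["https://your-site.com/wp-admin/admin.php"],
                       [CALLBACK]):
        print(registered, loose_match(CALLBACK, registered),
              strict_check(CALLBACK, registered))
```

A bare domain or a URL missing the query string passes the loose check but fails the strict one, which is the situation that produces the error in the title.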

For Facebook Apps created BEFORE March 2018

Over the last 24 hours loads of developers have been having issues creating new Apps with Facebook.

The problem

It was confirmed on Facebook’s bug platform that they had made some changes to the default settings for new Apps and now Strict Mode is automatically enabled for the OAuth settings. Strict mode means that when using Facebook login to connect your application or website to the App, the OAuth redirect URL has to be explicitly set, whereas before it didn’t.

This is obviously part of a drive on their part to increase security, which is obviously good, but it was a bit of a surprise and makes setting up applications more complicated. They are working on improving the error message.

How to fix

1. Go to http://developers.facebook.com/apps/ and select the app you wish to fix.

2. At the bottom of the left-hand menu click the + Add Product link.

Add Product

3. Select Facebook Login as the Product.

4. Select Web.

Select Platform

5. Enter your Site URL and hit save.

Enter Site URL

6. Hit Continue then keep clicking Next, ignoring all the code, until you get to Step 5.

7. In the left-hand menu you should now see Facebook Login. Click the Settings menu item underneath it.

Facebook Login Settings Link

8. Under Client OAuth settings, where it says Use Strict Mode for Redirect URIs, make sure it’s set to No and that your site URL is in the Valid OAuth redirect URIs box. Then hit save.

Facebook OAuth Strict Mode

9. You should now be able to connect your app as normal.