When I'm doing a server-side redirection in a Facebook iframe application, I get the this strange Facebook Logo with a link. When I click it, I get redirected to site I set the redirection to in the first place. What happens here? Any "Click Protection" in place?

Thanks!

Redirection Code:
Tried Client Redirect

    args = dict(client_id=FACEBOOK_APP_ID, redirect_uri=base_dir , scope='user_photos,email,offline_access')
    return render_to_response('fb/nopermission.html', { 'javascript': "<script>window.top.location=\"" + "https://graph.facebook.com/oauth/authorize?" + urllib.urlencode(args )+ "\"</script>"  } )

and Server Redirect:

args = dict(client_id=FACEBOOK_APP_ID, redirect_uri=base_dir , scope='user_photos,email,offline_access')
return HttpResponseRedirect(https://graph.facebook.com/oauth/authorize?" + urllib.urlencode(args))

Same Result in both cases

Arrgh! Facebook has such a shitty documentation that I hit upon zillion problems while developing for it.

This one is because you cannot redirect directly from with your app. use a href link and specify the target property to _top or use the javascript

window.top.location="redirecturl"

to workaround this bug.

For redirection purpose use this code:

<html><head>
<script type="text/javascript">
  window.top.location.href = "<?php echo $loginUrl; ?>";
</script>
<noscript>
  <meta http-equiv="refresh" content="0;url=<?php echo $loginUrl; ?>" />
  <meta http-equiv="window-target" content="_top" />
</noscript>