The post's links must direct to the application's connect or canvas URL.

Go to the Facebook App. Edit its settings. On the Advanced settings page, disable the “Stream post URL security” option.

Hi!

I tried to do this procedure, but I not found this option: Stream post URL security
Could you help with more details, please?

Go to the Facebook App. Edit its settings. On the Advanced settings page, disable the Stream post URL security option.

Thank you!
Marcos

Go to https://developers.facebook.com/apps

On the left hand side, click your app to select it.

Next to the “Settings” section in the middle column, there’s an “Edit Settings” link. Click that.

On the new page, under the “Settings” menu on the left hand side, click “Advanced”.

Under the “Migrations” section, find “Stream post URL security”. Set it to “Disabled”.

Click the “Save Changes” button at the bottom of the screen.

Are there any plans to fix this in near future? Stream post url security is part of July api changes, so this solution is kind of deprecated..

Stream post URL security is not part of the July API changes listed here:
https://developers.facebook.com/roadmap/

Also, it doesn’t make any sense for them to deprecate that particular option. What the “Stream post URL security” option does is to make it so that an app cannot post any links that don’t link to it’s own URL. But many apps do want to post arbitrary links to other sites, so disabling this makes sense for those case.

The only way this actually affects usage of SFC is if you use a shortlink modifying system with your blog, because SFC uses the shortlink. The default shortlinks in WordPress will have your own URL in them, but if you use Jetpack to get wp.me links, or a bit.ly plugin, or something like that, then you’d want to use the shortlink so that you can get stats information from that service. In that case, because the URL no longer matches the site’s URL, you need to have this option disabled. For the default case, it works fine if it’s enabled.

Hm, I have a webpage without any url shortener and I am unable to post the blog post to facebook.
So, I have to disable the security despite the fact that there should be the correct url match.

Are you using Jetpack? If so, then the wp.me shortener is enabled by default and it’s trying to use that.

No Jetpack, only Simple Facebook Connect.

If my url is:
https://example.com/webpage/vystava-2013/ (with modrewrite)
https://example.com/?p=1072 (the actual link)

in sfcPublish() I see:
“link”: “http:\/\/example.com\/?p=1072”
“picture”: “http:\/\/example.com\/webpage\/\/wp-content\/gallery\/cache\/10_320x240_1_6000.jpg”
“actions”: “[{\”name\”:\”Share\”,\”link\”:\”http:\\\/\\\/www.facebook.com\\\/share.php?u=http%3A%2F%2Fexample.com%2F%3Fp%3D1072\”}]”

Facebook returns error:
“The post’s links must direct to the application’s connect or canvas URL.”

If you’re getting that message, then you don’t have your applications connect URL set to https://example.com, basically. Or you have a needless “www” prefix, or lack of a needed one. Something to that effect.

so can I then enable the “July 2013 Breaking Changes” option safely? I have 2 notices I just received an hour ago:

Gregory Beaver’s blog, is currently using the following deprecated features:

1. Social Plugins (Like Button, Like Box) without absolute URL’s in their href parameter.
2. Non-threaded comments. Please see the developer roadmap for more details about this change.

Neither of those appears to be true. I use the latest jetpack Version 2.2.5 with wordpress Version 3.5.1

Samuel (Otto),

I sent you an email with the details of my installation and generated javascript code on webpage.

Could you, please, check it?

Thanks!

@lacike: No. I’ve already answered your question. Just disable “Stream post URL security”. If this answer isn’t enough for you, then I suggest that you use a different plugin.

@cellog: I’ve enabled the July 2013 breaking changes option with no side-effects. I believe the Like Box widget may stop working at some point in the future, but for now, it’s fine.

Thank you for this! I was trying to find the advanced bit in the plugin settings, not the facebook app settings, until I found this.

I enabled July 2013 breaking changes, and now jetpack’s publicity to facebook does nothing, with no errors. I have to manually share all of my posts. FYI in case you are involved with that plugin as well

Jetpack’s publicize doesn’t need an application of it’s own as far as I know, because it goes through the WordPress.com app. None of the changes you make to your app will affect Jetpack.