Common error messages returned by Facebook during verification
Can’t load URL
Can’t load URL: The domain of this URL isn’t included in the app’s domains. To be able to load this URL, add all domains and sub-domains of your app to the App Domains field in your app settings.
The problem is that the App Domains field does not contain your site’s current domain. Check the 11th and 15th steps of the App setup to fix the problem.
URL blocked
URL blocked: This redirect failed because the redirect URI is not white-listed in the app’s client OAuth settings. Make sure that the client and web OAuth logins are on and add all your app domains as valid OAuth redirect URIs.
The problem is that the value entered in the Valid OAuth redirect URIs field is not correct for your app. Check the 11th step of the App setup to fix the problem.
Error validating verification code
Error validating verification code. Please make sure your redirect_uri is identical to the one you used in the OAuth dialog request
The problem is that the value entered in the Valid OAuth redirect URIs field is not correct for your app. Check the 11th step of the App setup to fix the problem.
Invalid App ID
Invalid App ID: The provided app ID does not look like a valid app ID.
The entered App ID is not correct. The app with the entered ID may have been deleted. Go to the Facebook provider → Settings and make sure that the ID and secret of an existing app were entered.
Client secret error
Error: Error validating client secret
The App secret you copied from the Facebook app is invalid. Make sure the correct one was copied.
Unable to validate CSRF state
Error: Unable to validate CSRF state
Server cookie rules:
The problem is often related to the server’s cookie-related caches. Some caching servers only accept specific cookie names and drop all others. You should get in touch with your host and ask them about their cookie-related caches.
- Pantheon server: If you’re using a Pantheon server, update your Nextend Social Login version to 3.0.6 or greater, where the error should be fixed.
- LiteSpeed Cache: If you’re using the LiteSpeed Cache plugin, you may need to add the following lines to your .htaccess file:
- If you can whitelist cookies on your server, try whitelisting SESSnsl, which is the cookie we’re using. If your host has a strict policy on the cookie names they accept, you could try overriding the default name. The name of the session cookie can be changed with the nsl_session_name filter and the NSL_SESSION_NAME constant.
Misconfigured Object Cache:
You can also see this error if something (like a 3rd party plugin) messes up the site transients and prevents us from accessing them. Usually database or object caches create such problems when they are misconfigured. Try turning off your object/database cache temporarily and see if the “Unable to validate CSRF state” error still shows up.
If that resolves the problem, then
- most likely you don’t have the prerequisites to use object cache on your site (such as the .dll file, i.e. the PHP extension that the object cache relies on, or the object cache server daemon is not started). Some object caches have a status page where you can see if there are issues with your configuration.
- if you want to use object cache, get in touch with the support team of the database/object cache you’re using. They can tell you how to configure it properly.
Varnish:
Varnish Cache is a high-performance HTTP accelerator (specifically a caching reverse proxy) that stores copies of web pages in memory to speed up content delivery and reduce server load. Varnish Cache works by sitting between the client and the web server, intercepting HTTP requests. When a request is made, Varnish checks if a cached copy of the page exists. If it does, it serves the cached version instantly. Otherwise it fetches the content from the server, delivers it to the client, and stores it in memory for faster future access.
Caching our authentication requests could invalidate the CSRF state. To avoid such problems you need to add 2 exclusion rules:
- one for the “SESSnsl” cookie
- and another for the “?loginSocial” GET parameter
Some server hosts like Cloudways have an interface where you can manage Varnish, e.g. in case of Cloudways, exclusion rules can be added like this:
If you are not sure whether your server host has such an interface, or it is too difficult to add exclusion rules, contact your server host and ask them to add the necessary rules for you.
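On a Varnish instance you manage yourself, the two exclusion rules described above could be written in VCL as follows. This is an added example, not configuration from the plugin's documentation or from any host's panel; the backend address and the extra guard in vcl_backend_response are assumptions to adapt to your setup.

```vcl
vcl 4.1;

# Assumed backend: the web server running WordPress behind Varnish.
backend default {
    .host = "127.0.0.1";
    .port = "8080";
}

sub vcl_recv {
    # Rule 1: never answer the social login flow from cache. Both the
    # start of the flow and the provider's callback carry ?loginSocial.
    if (req.url ~ "[?&]loginSocial(=|&|$)") {
        return (pass);
    }
    # Rule 2: a visitor who sends the SESSnsl session cookie is in the
    # middle of a login; a cached page would not belong to that session.
    # Substring match, so an overridden name must be changed here too.
    if (req.http.Cookie ~ "SESSnsl") {
        return (pass);
    }
}

sub vcl_backend_response {
    # Extra guard (assumption, not one of the two rules above): do not
    # store a response that sets the session cookie, so one visitor's
    # SESSnsl value is never delivered to another visitor.
    # Note: beresp.http.Set-Cookie only sees the first Set-Cookie header.
    if (beresp.http.Set-Cookie ~ "SESSnsl" ||
        bereq.url ~ "[?&]loginSocial(=|&|$)") {
        set beresp.uncacheable = true;
        set beresp.ttl = 120s;
        return (deliver);
    }
}
```

If other VCL on the server strips cookies before these checks run, place the two vcl_recv rules ahead of that logic so the SESSnsl cookie is still present when it is tested.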