Facebook mobile browser incompatible with Ghost subscriptions

I think I’ve found a newer major issue with changes that Facebook has made recently. When using mobile devices and you follow an external link from Facebook, it will open that link in Facebook’s own browser. There is no way to get the authentication cookie set in this browser because it literally lacks an address bar that you can type/paste into.

The FB browser used to have a setting that allowed you to bypass that automatically. That was removed recently. It used to also have an address bar where one could have pasted in the authentication link, but that too has been removed from the browser. The only way to set a Ghost authentication cookie in that browser is to send the link by Facebook Messenger and then click the link from there (which is a messy process and not a solution at scale).

I also tested to see if the FB Browser would intercept links to sites where I have apps registered to those links and FB in fact intercepts that also. A link to Twitter will end up in their browser and not the Twitter app.

100% of my following is on FB and I am trying to convert people over to subscriptions and this is going to wreck my entire operation. It’s primarily a seasonal publication and we’re just now starting to see people complain about this awful behavior for which there seems to be no solution for whatsoever.

People can still open the link in their real browser by using the three dot menu in the FB browser, but that’s an extra step every time. I am thinking about creating a big annoying card that gets inserted into every article telling people to open the links in an external browser and only appears when the FB browser is detected.

Does anyone else have a suggestion that might be better?


@Brambster I think you have accurately painted a picture of how Facebook is making life worse for their users by forcing them to use to their built-in browser that does not share cookies with the main browser and lacks an address bar of its own.

I don’t see what could be done on the Ghost end. You could try asking on a forum for Facebook developers.

Just trying to see if there was a solution. We’ve updated our theme to display a warning when a page had protected content and is viewed with a Facebook browser directing them to open the page in the external browser with a simplified graphic. Facebook is useless to contact for such purposes. If they answer it will be from a third-party contract support organization in India who has no ability to help in this regard.

It would be good to have a Single Sign-On option as the go-to implementation. Many creators make heavy use of social media to publish their stories and find more followers. This is a major issue IMO.

It is a major issue. Facebook has broken the session handling on thousands of websites by using their in-app browser which has it’s own session storage.

And what benefit does the in-app browser have? For Facebook, they used it track users even more deeply, with the ability to track clicks, take screenshots of other websites you are looking it and capture password for inputs:

“Solving this” by adding Facebook login to websites further locks users into being on Facebook, which has been caught actively abusing users privacy by this very feature.

Apple and Google could also solve this changing the rules for in-app browsers.

Improved SSO is one of the most requested features for Ghost, but implementing it as a solution to problems caused by in-app browsers is one of the least compelling reasons to do so.