Are you grappling with Facebook login integration on your website, only to be baffled by the infamous status: “unknown” response from the Facebook JavaScript SDK? You’re not alone. Many developers have encountered this issue, and the solution might not be as apparent as you’d hope. In this blog post, we’ll explore a real-world case where the Facebook login was failing, and how a seemingly unrelated HTTP headerplayed a pivotal role in resolving the problem.


In the world of web development, integrating social media login options is a common practice. It streamlines the user experience and eliminates the need for lengthy registration forms. Facebook Login is a popular choice for this purpose, thanks to the Facebook JavaScript SDK. However, when things go awry and you find yourself staring at status: “unknown” in your JavaScript console, frustration mounts.

The Mystery of status: "unknown"

The status: “unknown” response from the Facebook SDK has left many developers scratching their heads. The issue persists even when users successfully log in with Facebook through the popup window, leaving developers puzzled and searching for answers. The internet is full of forums and threads where people have struggled with this same issue.

The Solution: cross-origin-opener-policy: same-origin-allow-popups

In our journey to unravel this mystery, we stumbled upon a clue that proved to be a game-changer: the cross-origin-opener-policy HTTP header. Initially, our website was configured with `cross-origin-opener-policy: same-origin1, which should theoretically be secure and compliant with best practices. However, this header was the silent saboteur preventing Facebook Login from functioning correctly, as it prevented the popup window to communicate back with the opener that the login was succesful.

This blog post has been created with the help of ChatGPT

Arjan Scherpenisse

Arjan Scherpenisse

Co-founder Botsquad

email me