Facebook Pixel is flagging requests to our domain as malicious, despite none of our systems explicitly adding these malicious query parameters.
Once a user does an event which requires authentication, the resulting URL has something like this appended:
/access?state=_removed_&code=_removed_&scope=_removed_&authuser=_removed_&prompt=_removed_&_filteredParams=_removed_
Note: Specifically, the authuser is added in this example, but it is not restricted to that element. It can be anything the malicious user is attempting to do.
This is restricted to a limited number (<100) of users making requests to this particular endpoint; however, on Facebook's side, it's flagged as malicious.
Is there a way of preventing this from happening?
- Attempted to detect if there is an additional query parameter being added in our frontend project, but none is detected, logged or flagged.
- Attempted to prevent the query parameter from reaching the server, which was successful, however the request to Facebook happens exclusively on the user's browser/client.
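
An added example, not part of the original post: a client-side allowlist audit of the callback URL's query string, which reports unexpected or duplicated parameters and rewrites the address bar so that scripts reading `location` afterwards see only allowlisted ones. The allowlist (`state`, `code`, `scope`), the function names and the sample URL are assumptions, and the audit must run before any third-party tag loads.

```javascript
// Assumed allowlist: adjust to the parameters your own auth flow emits.
const ALLOWED_PARAMS = new Set(["state", "code", "scope"]);

// Inspect a callback URL and report anything outside the allowlist.
function auditCallbackUrl(href, allowed = ALLOWED_PARAMS) {
  const url = new URL(href);
  const unexpected = [];
  const duplicated = [];
  const seen = new Set();
  for (const [name] of url.searchParams) {
    if (seen.has(name) && !duplicated.includes(name)) duplicated.push(name);
    seen.add(name);
    if (!allowed.has(name) && !unexpected.includes(name)) unexpected.push(name);
  }
  // Rebuild the URL from allowlisted parameters only (first value wins).
  // The fragment is dropped on purpose: nothing unvetted is carried over.
  const clean = new URL(url.origin + url.pathname);
  for (const name of allowed) {
    const value = url.searchParams.get(name);
    if (value !== null) clean.searchParams.set(name, value);
  }
  return { unexpected, duplicated, cleanHref: clean.href };
}

// Apply the audit to a window-like object (window in a browser).
function scrubAddressBar(win, allowed = ALLOWED_PARAMS) {
  const report = auditCallbackUrl(win.location.href, allowed);
  if (report.unexpected.length > 0 || report.duplicated.length > 0) {
    // Same-origin rewrite without a reload; later reads of location see cleanHref.
    win.history.replaceState(win.history.state, "", report.cleanHref);
  }
  return report; // send unexpected/duplicated names (not values) to your own logs
}

// Constructed sample URL for a stand-alone run.
const SAMPLE =
  "https://app.example/access?state=s1&code=c1&scope=email&authuser=0&prompt=consent&code=c2";
if (typeof window !== "undefined") {
  console.warn(scrubAddressBar(window));
} else {
  console.log(auditCallbackUrl(SAMPLE));
}
```

Logging only the parameter names keeps authorization codes and state values out of your own telemetry.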