使用angular和angular ui router，你可以修复这个问题

    app.config(function ($stateProvider, $urlRouterProvider, $locationProvider) {

      // Make a trailing slash optional for all routes
      // - Note: You'll need to specify all urls with a trailing slash if you use this method.
      $urlRouterProvider.rule(function ($injector, $location) {
        /***
        Angular misbehaves when the URL contains a "#_=_" hash.

        From Facebook:
          Change in Session Redirect Behavior
          This week, we started adding a fragment #_=_ to the redirect_uri when this field is left blank.
          Please ensure that your app can handle this behavior.

        Fix:
          http://stackoverflow.com/questions/7131909/facebook-callback-appends-to-return-url#answer-7297873
        ***/
        if ($location.hash() === '_=_'){
          $location.hash(null);
        }

        var path = $location.url();

        // check to see if the path already has a slash where it should be
        if (path[path.length - 1] === '/' || path.indexOf('/?') > -1) {
          return;
        }
        else if (path.indexOf('?') > -1) {
          $location.replace().path(path.replace('?', '/?'));
        }
        else {
          $location.replace().path(path + '/');
        }
      });

      // etc ...
    });
});

对于那些正在寻找简单答案的人 加上这个，对我很管用

if (window.location.hash === "#_=_"){
    history.replaceState 
        ? history.replaceState(null, null, window.location.href.split("#")[0])
        : window.location.hash = "";
}

请查看Paul Schwarz的完整回答

https://stackoverflow.com/a/18305085/2694806

适用于PHP SDK用户

我只是通过在转发之前删除额外的部分来解决这个问题。

 $loginURL = $helper->getLoginUrl($redirectURL, $fbPermissions);
 $loginURL = str_replace("#_=_", "", $loginURL);
 header("Location: " . $loginURL);

我知道这个回复晚了，但如果您正在使用passportjs，您可能想看到这个。

return (req, res, next) => {
    console.log(req.originalUrl);
    next();
};

我已经编写了这个中间件，并将其应用于表示服务器实例，我得到的原始URL没有“#_=_”。看起来，当我们将passporJS的实例作为中间件应用到服务器实例时，它不接受这些字符，而只在浏览器的地址栏上可见。

博士TL;

if (window.location.hash === "#_=_"){
    history.replaceState 
        ? history.replaceState(null, null, window.location.href.split("#")[0])
        : window.location.hash = "";
}

完整版本与一步一步的说明

// Test for the ugliness.
if (window.location.hash === "#_=_"){

    // Check if the browser supports history.replaceState.
    if (history.replaceState) {

        // Keep the exact URL up to the hash.
        var cleanHref = window.location.href.split("#")[0];

        // Replace the URL in the address bar without messing with the back button.
        history.replaceState(null, null, cleanHref);

    } else {

        // Well, you're on an old browser, we can get rid of the _=_ but not the #.
        window.location.hash = "";

    }

}

循序渐进:

We'll only get into the code block if the fragment is #_=_. Check if the browser supports the HTML5 window.replaceState method. Clean the URL by splitting on # and taking only the first part. Tell history to replace the current page state with the clean URL. This modifies the current history entry instead of creating a new one. What this means is the back and forward buttons will work just the way you want. ;-) If the browser does not support the awesome HTML 5 history methods then just clean up the URL as best you can by setting the hash to empty string. This is a poor fallback because it still leaves a trailing hash (example.com/#) and also it adds a history entry, so the back button will take you back to #_-_.

了解更多关于历史的知识。

了解window.location的更多信息。

一个对我有用的解决方法(使用Backbone.js)是在传递给Facebook的重定向URL的末尾添加“#/”。Facebook将保留提供的片段，而不会附加自己的“_=_”。

返回时，Backbone将删除“#/”部分。对于AngularJS，在返回URL后附加“#!”应该可以工作。

注意，大多数浏览器在重定向(通过HTTP状态码300、301、302和303)时保留原始URL的片段标识符，除非重定向URL也有片段标识符。这似乎是被推荐的行为。

如果使用处理程序脚本将用户重定向到其他地方，则可以在此处的重定向URL后附加“#”，以将片段标识符替换为空字符串。