I have created two Facebook canvas apps. I am having problems with people accessing the apps. In the app settings you must enter:
Canvas URL
Secure Canvas URL
Secure Canvas URL wont accept HTTP links but only HTTPS. When some of my users go to my app link like http://apps.facebook.com/my_app Facebook automatically redirects them to https://...
Canvas app content is loaded from my server which is only accessible via HTTP. The users which are redirected to https://apps.facebook.com/my_app then can not load my app since Facebook canvas wants to load content from my server via HTTPS. How do I solve this, without enabling SSL on mu server?
And not all users are redirected to https://apps.fa...? How is this handled?
I have come up with an interesting hack for this problem.
You can create a HTML file that is accessible over HTTPS that just redirects to your webpage. For example, you can use dropbox. Since Facebook loads your secure canvas URL page in an iframe, your code needs to redirect the top page. Something like this.
<html>
<head>
<script>
function onLoad() {
window.top.location.href="<your website>";
}
</script>
</head>
<body onload="onLoad()">
<p>Please wait while you are being redirected to <your website name>…</p>
</body>
</html>
And provide this link as the secure canvas URL. I blogged about this in more detail - http://blog.almabase.com/post/84579042935/interesting-hack-for-facebook-secure-canvas-url
Basically, you must provide https support. At the moment, you can still leave the Secure Canvas URL field empty to avoid doing so, but it will be required starting October 1st.
Facebook users that have explicitly said they want to use HTTPS in their account settings get redirected to HTTPS. Your application has to support HTTPS by October 1st, as announced by Facebook here: https://developers.facebook.com/blog/post/497
Without enabling SSL on your server, you could try social-server.com
However, this is only a quick workaround. Your users might get nasty security messages from their browsers while using https.
The best solution is to buy a SSL certificate if you still want to develop Facebook apps.
Related
Whenever i tried to login with facebook i'm getting the following error.
Insecure login Blocked. You cant get access token or log in to this app from insecure page. Try re-loading the page as https://
This code is in my localhost.
And this the url i'm using http://localhost/php-facebook-login/login.php same url only i have given in the facebook app configuration page.
Please help me to rectify this issues.
Thank you.
Since March 2018 Facebook requires redirect URIs to be served using HTTPS by default. The toggle is called "Enforce HTTPS". See Facebook's manual for more details Facebook Login Security
As the commenters pointed out the redirect will work even for localhost. But I am not sure if Facebook will accept a self signed certificate.
I try to make authorization with adsesnse Host Api and I have working code to generate url to authorization which redirect to login/register in adsense but after login/register i am redirecting to main page of my site I want to redirect to custom address to make verify. How can I set redirect url after register process?
I use Google Host api library for google Adsense Host Api
If you are using a client_secrets.json file the redirectUrl is probably set there. It can also be set directly in the code.
Be sure you change/add the new redirect location using console.developers.google.com before you change it locally - it can take a while (tens of minutes) for changes here to take effect.
Edit: OK - wrong redirect sorry. For that one you will need to contact Adsense and ask them to update your landing page url.
I tried creating a facebook login using facebook php sdk, and currently I am having this error:
Given URL is not allowed by the Application configuration.: One or
more of the given URLs is not allowed by the App's settings. It must
match the Website URL or Canvas URL, or the domain must be a subdomain
of one of the App's domains.
I have already added the site url of my website, and also placed it in the app domain.
My application is still in sandbox mode, so right now I have no idea why facebook is giving that error. Have I missed something from my settings?
my domain(example):
www.mydomain.com
My website is on a subdomain :
www.mydomain.com/websitesample/website
My app domain and site url both have the same value:
http://www.mydomain.com
Aside from these settings I have double checked my app id and app secret. I have waited for at least 15 minutes because I have read somewhere that when saving changes on your application you'd still have to wait for the changes to propagate through facebook's servers. What else could I have missed?
Just use as App Domains: mydomain.com
So every subdomain will work.
Btw - www.mydomain.com/websitesample/website <- websitesample/website isn't a subdomain, it's a directory and this won't cause any problems.
Visit developer.facebok.com
Select facebook application
Enter the
settings tab on the left side
Available on the page, basic tab, click to Add Platform
Click to website
Your website type to Site URL section ex: yourdomain.com/xx/..
Click to Save changes.
best regards.
My colleague and I have gotten to have fixed it somehow. We added the subdomains in the app domains and it's now working.
Check in settings page as:
App Domains: www.mydomain.com,
Canvas Page: https://apps.facebook.com/app_name,
Canvas URL: http://mydomain.com
Im trying to use the facebook login from https://github.com/facebook/facebook-php-sdk
It works fine over HTTP but fails to login over HTTPS, The app page lists the login page as https://my.url.com
Both pages have a get redirect with code and state, which are the same length for the working and non working URL.
I would prefer to use https for all login pages.
By Doesnt work I mean after a successful login the token is appid|appsecret and the user returns ID of 0 instead of the actual user id which has just completed the login
Found the issue to be the Redirect URL. Code was being used from http://webcheatsheet.com/php/get_current_page_url.php
which puts the port :443 on the url. During the redirect the facebook info gets "lost"
Changing their code to allow for this fixes the problem. though with or without the :443 its still a valid URL and should really work
Have you considered using the HybridAuth library? I've always had it dump me into https on Facebook
The :443 is what tells the browser to connect over HTTPS, the default port for HTTP is 80 and 443 for HTTPS.
Perhaps the issue is something to do with Facebook having cached your domain as port 80
You can clear facebook's cache of your site, and troubleshoot other URL related problems with their official URL debugger https://developers.facebook.com/tools/debug/
I have an app on my server which redirects to Facebook and thus displays the browser version of the Facebook Login page.
However, since I'll be accessing this through a mobile device, I'll want it to display the mobile version of the Facebook login page.
Is it possible to use the header() function or is there a way to change the user-agent on my host before it redirects to Facebook? So that Facebook will think the request is coming from a mobile device and thus render the mobile version.
I have already tried to use JavaScript and tried spoofing the header command; unfortunately these didn't work.
Thank you.
ini_set('user_agent', 'MyBrowser v42.0.4711');
Your server cannot affect the remote browser's configuration. The only place where you could change the user agent is if you were proxying the browser's requests to facebook, as it'd be your server connecting to FB, not the client.
Try redirecting to m.facebook.com instead. That displays a minimal "mobile" version.