501 error when visiting mobile site with mitmproxy - http-error

When visiting a mobile site with mitmproxy, a 501 not implemented page appears. but it's normal for me to access with Charles.
Why is this happening?

Related

Cross Site Scripting (XSS) between facebook.com and m.facebook.com?

I'm developing facebook app on platforms: facebook canvas and website (to make it work on mobiles). The problem is that when I'm trying to click on my test app from m.facebook.com website in console i see error:
XMLHttpRequest cannot load
https://www.facebook.com/l.php?u=https%3A%2F%2Fm.facebook.com%2Fapps%2F…
No 'Access-Control-Allow-Origin' header is present on the requested
resource. Origin 'https://m.facebook.com/' is therefore not allowed
access.
And on screen inside facebook body: "No internet connection. Try again." When I click on "Try again" link situation repeats. But when I'm refreshing whole page application opens on web platform as it's supposed to.
Error shows before my app is called so I doubt it's my sdk configuration error.
I'll add that when I'm opening my app from android facebook application or from facebook.com website problem don't occur.
It looks like XSS between facebook.com and m.facebook.com websites. Anyone meet similar issue? Any ideas if I can solve it? I wrote report to facebook and waiting for answer from them as I'm not sure if it's my error or issue lies at their side.
Thx in advance for help.

Facebook OAuth dialog redirects to m.facebook.com and crashes with 500 error

I am using Facebook's OAuth dialog to log in people in two of my websites.
Yesterday morning I discovered that the oauth dialog is failing for one of those two website, only when I try to connect with a mobile device (iphone and android).
The way I call the oauth dialog is identical in both websites, except from the App ID of course and the redirect url. Basically I redirect the user to:
https://www.facebook.com/dialog/oauth?client_id=xxxxxxxxxx&redirect_uri=http%3A%2F%2Fwww.xxxxx.xxx%2Ffbresult&response_type=code&scope=email
Normally the user is prompted for logging in with facebook and give permission to the app, and the be redirected back to my website.
This works perfectly fine on both sites if I use it from the Desktop.
When I call this url from my touch devices (iphone or android, they both fail) I am forcely redirected to the mobile version of the dialog (https://m.facebook.com/dialog/oauth?etc,etc).
However this dialog from m.facebook.com dies with 500 internal server error for one of the website. (so: one works perfectly with mobile oauth dialog, the other does not).
I tried to open the m.facebook.com/etc/etc from my desktop pc and I could indeed see the 500 internal server error response.
Should I try to login from the desktop (which does not redirect to mobile version) then the authentication procedure works perfectly.
At first I thought this might be a facebook bug and that it would have been fixed within few hours at most, but it's been now for at least 2 days and still does not work.
I think I could really appreciate some advice at this point. Thank you all in advance.

Facebook Login "500 internal server error" in touch mode

We are using the method described in https://developers.facebook.com/docs/facebook-login/login-flow-for-web-no-jssdk/ to log users to our web site.
It was working fine since the last week. Now what happens is that
in mobile devices it does not automatically redirect to our site
after the user logs in.
Instead, the FB server returns a "500 Internal Server Error" error.
But this only happens with the mobile version of the login page
(option display=touch), with the desktop version the redirection
performs well.
This works:
https://www.facebook.com/dialog/oauth?client_id={myAppId}&redirect_uri={myurl}
This doesn't work:
https://www.facebook.com/dialog/oauth?client_id={myAppId}&redirect_uri={myurl}&display=touch
As we didn't know if the service was down for whatever reason
or there was a problem with our FB application,
we have created another FB application and we have set the web site
to a known url: www.google.com.
Then we have tested the url:
https://www.facebook.com/dialog/oauth?client_id={myOtherAppId}&redirect_uri=wwww.google.com&display=touch,
and to our surprise it worked, resulting in a redirection to the
google search site.
But if we set our web site in both the test FB application and the login url, it fails again with the same "500 Internal server error".
So we suspect that there is something wrong with FB and our domain.
Could FB be blocking my URL when trying to redirect through the mobile version of the login dialog?
We would like to contact the FB support team directly by email but we are unable to find a way to contact them.
Can anybody give us a clue on this?
Sometimes it's because your app is in Sandbox mode.

App on Facebook mobile gives me 4oh4 / 404

we have created a Facebook app, but when opening this on a mobile (via Web or iPhone) the page results in a 4oh4 error. I have setup a Mobile Web URL but still (after 1 hour wait) gives a 404.
Do I need to make specific changes on my app?
Please help.
This is expected as #Igy stated. You will need to have a handler to support redirecting mobile users to your apps.facebook.com/ or you can redirect them out of Facebook to your own URL if you are going to try and link to your page directly with an app embedded as a tab.
i.e. point link to http://yoursite.com/redirector
is mobile goes to http://yoursite.com/myapp or http://apps.facebook.com/
non mobile goes to http://facebook.com//app_
Some things to note:
You won't get any page specific data back from facebook on your page (i.e. Liked or Not Liked).
Based on #1 you won't be able to restrict the non-liking app users from a page.
After trying everything under the sun to get Facebook to redirect to a mobile web URL, here is what I needed to do in order to get the redirection working:
Make sure the Facebook application is a canvas application. This gives you the ability to give the application a namespace.
Give your application a namespace so that you can access it through https://apps.facebook.com/NAMESPACE. From here, Facebook will do the detection for you, and if needed, redirect your users to your specified mobile URL.
Make sure your app is NOT in sandbox mode.
If your app is in Sandbox Mode, Facebook won't redirect you to the mobile version you have specified in your app settings.
Facebook does the redirecting for you, you don't have to. Although their version of what "mobile" is and what you deem "mobile" might be different.

Facebook iframe app cannot be opened from mobile device

I'm developing a facebook app (iframe), but it cannot be opened from mobile browser. It always redirects to wall page. Is this always like this? Or did I do something wrong?
I have set Mobile Web URL on my developers page as well.
Thanks