I am using facebook SDK. I am getting the following error:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
After studying I came to know that I have to set 'Enforce HTTPS' as NO under 'facebook login> Setting> '. But I can not set Enforce HTTPS as NO. Is this problem is from mine? OR I facebook restrict to use https instead of http?
enable Client OAuth Login and write "localhost:3000" in Valid OAuth Redirect URIs.
Save changes. it will automatically change to https://localhost:3000 , but it doesn't matter...
And set Status: In Development (THIS IS IMPORTANT!)
Then it will work in your http localhost.
But I can not set Enforce HTTPS as NO. Is this problem is from mine?
https://developers.facebook.com/docs/facebook-login/security:
Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019.
Sounds to me, like they don’t want you to be able to even start without HTTPS, when you are creating a new app now.
Plus, Chrome has recently announced that they will mark all HTTP sites as insecure soon, from version 68 on, that will be released in July 2018. So you’re gonna have to go HTTPS rather sooner than later anyway.
The “big players” of the industry are currently pushing for this big time, whether we want it or not.
If you just enable Client OAuth Login and write just localhost:{port} to Valid OAuth Redirect URIs, it will work.
If you're developing locally with create-react-app, a quick solution is to add
HTTPS=true
to your .env file and just comment it out when you're not testing Facebook login.
It seems like Business apps do not have app modes and instead rely exclusively on access levels. Because of this, you can't set the app to the "Development mode".
All newly created apps start out in Development mode and you should avoid changing it until you have completed all development and testing.
https://developers.facebook.com/docs/development/build-and-test/
https://developers.facebook.com/docs/development/build-and-test/app-modes
However, if you wanna try out your app in a localhost, you need to create a test app, like you can check out in this thread:
How to fix 'Facebook has detected MyApp isn't using a secure connection to transfer information.' error in Laravel
Related
I am using facebook SDK. I am getting the following error:
Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
After studying I came to know that I have to set 'Enforce HTTPS' as NO under 'facebook login> Setting> '. But I can not set Enforce HTTPS as NO. Is this problem is from mine? OR I facebook restrict to use https instead of http?
enable Client OAuth Login and write "localhost:3000" in Valid OAuth Redirect URIs.
Save changes. it will automatically change to https://localhost:3000 , but it doesn't matter...
And set Status: In Development (THIS IS IMPORTANT!)
Then it will work in your http localhost.
But I can not set Enforce HTTPS as NO. Is this problem is from mine?
https://developers.facebook.com/docs/facebook-login/security:
Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019.
Sounds to me, like they don’t want you to be able to even start without HTTPS, when you are creating a new app now.
Plus, Chrome has recently announced that they will mark all HTTP sites as insecure soon, from version 68 on, that will be released in July 2018. So you’re gonna have to go HTTPS rather sooner than later anyway.
The “big players” of the industry are currently pushing for this big time, whether we want it or not.
If you just enable Client OAuth Login and write just localhost:{port} to Valid OAuth Redirect URIs, it will work.
If you're developing locally with create-react-app, a quick solution is to add
HTTPS=true
to your .env file and just comment it out when you're not testing Facebook login.
It seems like Business apps do not have app modes and instead rely exclusively on access levels. Because of this, you can't set the app to the "Development mode".
All newly created apps start out in Development mode and you should avoid changing it until you have completed all development and testing.
https://developers.facebook.com/docs/development/build-and-test/
https://developers.facebook.com/docs/development/build-and-test/app-modes
However, if you wanna try out your app in a localhost, you need to create a test app, like you can check out in this thread:
How to fix 'Facebook has detected MyApp isn't using a secure connection to transfer information.' error in Laravel
I am trying to connect a facebook app but it is displaying error as "Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
the domain i am using is https://app.streamlivve.com
I tried all of solutions but nothing happen. here is my settings of FB app page
Can you please guide me to solve this error:
Facebook announced in Dec 2017 that in March 2018 they would change the settings for Oauth redirects:
https://developers.facebook.com/blog/post/2017/12/18/strict-uri-matching/
In a nutshell, you can only redirect to explicit, precise pre-determined URIs now. Which is annoying if (like me) you want to pass URI parameters back as well...
Make sure you're using Facebook SDK 5.6.2. There was an important fix.
Since this March (started running a couple of days ago), strict mode is now enabled by default. This means you now need to have the exact redirect URLs you're using marked as such in the app configuration.
You can see more here about what this entails and how to get on with the change.
Further, you need to update your dependency to version 5.6.2, as there's a bug in the previous version that wouldn't work with strict URI matching (yes, the one that is now enabled by default), so the login would break. You can see more about the fix in the pull request that fixed it. I can confirm that updating to 5.6.2 (PHP) fixed the issue.
To update your version in PHP, it depends on which expression you have in your composer.json, but if you have "facebook/graph-sdk": "^5.6", for example, a simple composer update will suffice.
So, I have this grade project where I have to do a mashup and deploy it on AppEngine. So, everything is fine, and I even got it working some months ago, but when I deployed the project again after doing some changes and updating the facebook api, it no longer works.
Thing is, it does works on localhost. The error only occurs when deployed. It's only a normal publish post POST.
So, here's the error:
The URL was blocked: Redirection has failed because the URI is not incluided in the list of OAuth authorised of the application client. Check that the OAuth access of both client and web are active and add all the domains of your apps as OAuth redirection URI
This was translated from spanish so it might not be totally accurate.
So, it seems easy, but I don't really know if the proble is that I have to do something in the configuration of appengine control panel (most likely), in the configuration of the facebook api control panel or if it's something in the project code. I've checked everywhere and have the faint memory of solving this several months ago, but I can't anymore.
Thanks!
For Facebook login, you need to tell Facebook the URI of the page that the login will start from. If you change the URI, then the login process will break. You can set the URI from this page:
https://developers.facebook.com/apps/1234567890/fb-login/
Except that you need your app id in there instead of 1234567890. You can get there from here:
https://developers.facebook.com/apps
I have a React/Horizon app with facebook login.
I am wondering if there is any option to work with facebook login from localhost?
There are some other good answers here. However I want to add information about how to create a Test app (as recommended by Facebook).
Go to the page to manage Facebook apps (you, the admin must be logged in): https://developers.facebook.com/apps/
Hover over the block containing your live Facebook app and click on the three dots button that appears on the bottom right corner. Then select Create Test App from the menu.
The test app will be created with a snapshot of your production app's settings. After this, you can independently edit the settings of your test app without affecting your production app.
See the documentation here: https://developers.facebook.com/docs/apps/test-apps/
Regarding the rest of the setup:
keep your app in Development mode
go to Settings -> Basic (left hand menu) and
enter "localhost" for the App Domain
change your Site URL to the localhost version (e.g. http://localhost:3000/users/auth/facebook)
Here are some (Jan 2022) screenshots of my test app settings, which I just use for Facebook login.
Settings -> Basic
Settings -> Advanced
Facebook Login -> Settings
You need to register as facebook developer and create you app there. Once you have your web app registered you can go to your app and click on add product.
Add Facebook Login. Then enable Web OAuth Login and add your localhost in the textfield below and save, you should be able to access it. Attaching a sample screenshot of my facebook app.
Disclaimer: This answer was written in 2019 and I have not been able to keep up with the latest changes introduced by Facebook, this is here for reference purposes.
So in my case doing the following things worked for me.
Make sure your application is in development mode
Make sure you don't have anything in Valid OAuth Redirect URIs when working from localhost
Make sure you don't have anything in App Domains also
Make sure you have entered localhost in your site url
I would like to add an update: July 2019
Facebook now allow localhost automatically in development mode and it is blocked in production mode. All you have to do is turn on development mode in your app settings and you are good to go.
You do not need to add localhost as a redirect URL anymore.
Here you can see the error at the Redirect URLs when I'm trying to add localhost.
You can use a tunneling tool like https://ngrok.com/ which is free for at least one instance. Then you can create a test App as already suggested and use the ngrok generated urls in this test app.
After test I see that we don't need to setup anything in facebook app
(even Site URL don't need to be localhost)
Just need to use https://localhost instead of http://localhost. Then login work and we able to receive response.
Note: If you see SSL warning after you enter https://localhost to browser. Just click on Advance -> Process to ... (unsafe)
The method FB.login can no longer be called from http pages.localhost, I get: App domains must match the domain of the Facebook Web Games URL (https), Mobile Site URL, Unity Binary URL, Site URL or Secure Page Tab URL. Please correct at least one of these domains: localhost
Using something like local-ssl-proxy is an easy way to solve this.
So I also have problem with working with Facebook Login from localhost in React and Express and I got this info:
"The method FB.login can no longer be called from http pages". After click login button, app just crashed.
My solution to fix this mess, was delete Facebook cookie from this localhost page. After this, I still have this error about http, but I can proceed and test login options.
Other solution is working in incognito mode.
I'm using Firebase to log into Facebook and honestly, the easiest thing was to just get your localhost served over HTTPS. I used ssl-serve for it, since I was working on a very basic ESM app with no build tools. But most build pipelines (e.g. Vue's vue-cli, React, etc.) have a CLI option for SSL as well.
What I used:
cd src && npx ssl-serve --ssl --clipless --port 5000 --silent
Then you just accept the self-signed cert ("Advanced" > "Continue" in Chrome/Brave) and you won't need to mess around with swapping the redirect URIs or domains under your Facebook app's config, nor the Facebook App IDs on Firebase.
Facebook provide Test App for your current app to get access to localhost environment. Create a test app on facebook https://developers.facebook.com/docs/development/build-and-test/test-apps/
and use the API and Secret to get testing on localhost.
I would like to share my experience for anyone who use firebase authentication combine with facebook login. Below solution work for me:
First, set your App Mode is development at https://developers.facebook.com.
Next, when you enable facebook login in Firebase Authentication, firebase will give you a link call OAuth redirect URI, you will have to add this link to the Valid OAuth Redirect URIs field in the setting page of your facebook app (inside tab Facebook Login). This is the most important step.
Finally, you don't need to do anything else. Good luck.
If you're using react and your local server is on http and still getting the error run this in the terminal to start up an https localhost
Windows:
set HTTPS=true&&npm start
Windows Powershel:
($env:HTTPS = "true") -and (npm start)
Linux and macOS (Bash):
HTTPS=true npm start
when it opens in the browser
click Advanced and proceed
No problems with making our webserver secure. App on Facebook runs fine IF 'secure browsing' opted in (user-setting). How can we make our App visible for visitors who has not opted in on 'secure browsing'?
Do we have to make a copy of the site on a insecure (http) server? Or is there another solution? (force to non-ssl via htaccess)
There should be no issue with setting both app urls, in your Facebook app settings, to use the https url.