I was experimenting with github after building a little webapp as a project for free code camp. After hosting it on github pages it shows up broken. Most of its content is blocked. This is the link https://mojojojo77.github.io/
On mozila it says that the connection is secure but "firefox has blocked parts of this page which are not secure." I looked into the console for the problem and the API's I used seem to be cause. Is there a way to bypass this ? Like asking the user for permissions.
Load your resources using a // protocol instead of http:// or https://. That will cause the browser to request resources using a protocol that matches the page (using SSL if the page does, and not if it doesn't).
Related
Browser shows this page while open my portfolio that I host in git hub
I have my portfolio hosted on GitHub and, when visiting webpage via URL, it shows security error (Deceptive site ahead).
Or more ref:
I have marked SSL on GitHub, I also tried without SSL and neither works.
How can I avoid this security error?
You can see a similar case in abevoelker/how-long-since-google-said-a-google-drive-linux-client-is-coming issue 2
You would need to report your case to safebrowsing.google.com/safebrowsing/report_general
If you believe you've encountered an unsafe page where Google Safe Browsing should be displaying a warning but isn't, or a legitimate page where Safe Browsing is incorrectly displaying a warning, please complete the following form to notify the Safe Browsing team.
So, I have this grade project where I have to do a mashup and deploy it on AppEngine. So, everything is fine, and I even got it working some months ago, but when I deployed the project again after doing some changes and updating the facebook api, it no longer works.
Thing is, it does works on localhost. The error only occurs when deployed. It's only a normal publish post POST.
So, here's the error:
The URL was blocked: Redirection has failed because the URI is not incluided in the list of OAuth authorised of the application client. Check that the OAuth access of both client and web are active and add all the domains of your apps as OAuth redirection URI
This was translated from spanish so it might not be totally accurate.
So, it seems easy, but I don't really know if the proble is that I have to do something in the configuration of appengine control panel (most likely), in the configuration of the facebook api control panel or if it's something in the project code. I've checked everywhere and have the faint memory of solving this several months ago, but I can't anymore.
Thanks!
For Facebook login, you need to tell Facebook the URI of the page that the login will start from. If you change the URI, then the login process will break. You can set the URI from this page:
https://developers.facebook.com/apps/1234567890/fb-login/
Except that you need your app id in there instead of 1234567890. You can get there from here:
https://developers.facebook.com/apps
I'm working on an iframe style app that pulls the facebook optimized page available at http://store.starrco.com/?store_mode=facebook. I've done other, admittedly much simpler, iframe apps before without issue but though I've configured this one more or less the same when I try to view the canvas url it remains blank.
My settings can be seen here: http://www.abstraktmg.com/clients/starrco/starrcofbsettings.jpg
I've tried a few different permutations of this with the same results, this is the most complete setup though and most closely matches the settings template I was given.
This page is being generated by Webasyst's shop-script, which is specifically supposed to support this. The obvious answer then is to contact their support which I did, but after assuring them that my app settings matched their template, they said I needed to contact Facebook support and this is as close as I could find to any proper support system.
I checked both http and https versions of store.starrco.com/?store_mode=facebook and both worked outside of facebook.
However, there may be some framebusting code which might prevent the site from being loaded in an iframe. And I see that your settings appear to be missing the app domain entry.
I ran into the same problem, especially in Chrome and Firefox. The problem is, when the user is surfing with https on Facebook, the https Version of the iframe is called. But the browser do not show invalid certificate problems until you to right click page information.
You need to have a signed SSL cert by a CA trusted in the browser.
If the user has accepted it without the iframe - outside of Facebook, it works.
So, for whatever reason, some people can't see the custom facebook page tab. Not sure why, especially when I can see it just fine.
Link: http://on.fb.me/rKNxUS
Let me know if you need more info.
Do you have a https version of the page tab? If they're account always uses ssl and you don't you might run into issues. Other times I've seen resetting the app secret help with issues like this.
It shows a standard browser error page to me. "This webpage is not available Google Chrome's connection attempt to incontrolwebsites.com was rejected. The website may be down, or your network may not be properly configured."
May it be possible you didn't upload the webpage to the production server?
If it opens correctly from your machine: check that you don't have a custom DNS setting to point to your local webserver instead of the production server.
I noticed a site that offers a free secure adaptor for page tab apps.
Looking at the source code, I saw that the adaptor was basically an iframe running my old insecure url inside a html file hosted on a secure server.
Is such a solution going to last for Facebook?
From what I read about SSL, this doesn't seem entirely legit and I wouldn't want to start using such a service and then discover that in a month or two Facebook will block these practices or that this sort of "secure" page will generate all sort of browser warnings
I don't really deal with Facebook data (except for signed_request and app_data), my app requires no permissions and no data from the user, so I won't need to interact with Facebook in my secure version, other than asking for the signed_request and possibly app data
Wouldn't you still have a mixed content warning if the initial content is loaded over HTTPS and your original page is loaded over HTTP in an iframe?
Unless I'm missing something here, this solution is only going to solve the 'Facebook says i need a secure URL' problem, not 'Facebook says i need a secure URL so people can access my app over HTTPS without problems'