I'm trying to create an app on Facebook and facing some problems about security issues.
I want to know why I can access my app by its id: https://apps.facebook.com/371281253013594/
and I can't by its name: https://apps.facebook.com/nelsonapp/, when I use the name I get this error message:
"Secure browsing is not supported
This application does not yet support secure browsing (https)"
The domain where your application is hosted must be SSL certified (https) eg: https://my-domain.com/my-app. Else, your app can't be published in facebook.
Btw, in the App Settings you have to give this in the Secure Canvas URL too, eg:
Canvas Url: http://my-domain.com/my-app
Secure Canvas Url: https://my-domain.com/my-app
What did you wrote in these settings?
Related
I am developing a web-app which will manage user page posts etc,
My app in Facebook developer console is in development mode, but when i try to login in http://localhost then it gives error that facebook login does not allow http but i have to use https protocol.
Any solution to test facebook login in localhost with http ? or
Any idea to convert http to https in localhost?
I tried ngrok that converted http to https but facebook developer console said it is suspicious kinda link and refused to accept;
I am using a npm pakage react-facebook-login,
I will shift to pure code of facebook sdk if that will solve problem.
This is a solution I found for create-react-app. https://create-react-app.dev/docs/using-https-in-development/
Make sure you use the right terminal and it works. For instance, I started dev in the cmd line (set HTTPS=true&&npm start).
The downside is you still will get not secure warnings in the browser but the errors with the FB.login or similar from Facebook login packages went away. Hope it helps.
I am developing a web app with Facebook integration and I can't figure out why I can't test the login function locally. I have looked through the answers here (How to Test Facebook Connect Locally) and have tried to follow the steps of having the app in test mode, setting the site URL and the domain.
Based on FBs documentation here: https://developers.facebook.com/blog/post/2018/06/08/enforce-https-facebook-login/
I should be able to use http for localhost development, but I get the error
The method FB.api can no longer be called from http pages. https://developers.facebook.com/blog/post/2018/06/08/enforce-https-facebook-login/
and can't log in. Below are pictures of my app settings (including an indication it is an app in 'test mode').
So this is really only a half answer, but it seemed easier for me to just force https for my local development using mkcert (https://github.com/FiloSottile/mkcert). After creating local certs I updated my site URL to say https://localhost:8080 and I am able to log in without issue.
I've created a webapplication, hosted in an Azure App Service. The App Service is secured using Azure AD Authentication with login required.
When trying to load this page in a Personal App, the page tries to redirect to login.microsoftonline.com which is not able to show the page in an iFrame.
When switched to Developer preview the application is shown, passing the login using the currently signed in user.
Is there an ETA on enabling this behavior on the "non-developer preview" client?
Or is there another way to achieve this?
PS: I'm aware of the SSO javascript API, but this does require anonymous access to the application executing the JS calls. Unless I'm missing something? :)
I have a website I'm developing using Meteor with a production and test Facebook website app setup for login purposes.
Specifying the app id and secret in my settings for localhost and production environments is easy, but how do I allow my colleagues to also login in a localhost environment to the app without giving them the appid and secret - since it's tied to my facebook account (or is it?).
I have the app setup for localhost testing, it just doesn't feel right giving them the appid and secret, in-case of turnover and/or other security issues that seem pretty obvious.
I can add them as testers on the app using Facebook's developer page for my test app, but that doesn't allow them to login without the app id and secret in their configuration while launching the server on their localhost.
I'm sure this has an obvious solution, I just can't find it in the docs.
I'm using Meteor for developing the site.
They won't be able to hack your facebook account if you give them an app's secret if that's what you're asking. Still, you can always create test users, FB exempts developers from their "real name" policy: https://developers.facebook.com/docs/apps/test-users
You must provide an SSL certificate in the Dev App settings to avoid having your app disabled.
https://developers.facebook.com/roadmap/
Do I have to upload my certificates anywhere? Where?
You need to add your certificate to your web server.
For more information about installing certificates, visit this link: https://knowledge.rapidssl.com/support/ssl-certificate-support/index?page=content&id=SO16226
Find out what kind of web server you're using and follow the instructions. You may need to contact your web hosting administrator for help.
Once the certificate is installed on your web server, you need to enter the https url in the dev app settings, I believe it's called "Secure Canvas URL". That's all that facebook requires of you.