CakePHP Facebook plugin error in HTTPS not in HTTP - facebook

I have set up the facebook plugin like the instructions.
Downloaded package and installed in app/plugins/facebook
Created app/config/facebook.php with my app's id, key and secret numbers, based on the example config file
Included $helpers = array('Facebook.Facebook') in my app_controller.php
Echoed the $this->Facebook->html() function in my layout (replcing the default html tag)
Echoed the $this->Facebook->init() function at the bottom of the layout, before
I run this code:
echo $this->Facebook->share('link');
If I go to: http://myhomepage.com it works but if I go to the same with HTTPS I just get a text share. In IE 10 and Chrome I get a Not safe content error. If I accept it it works.
How do I run it over SSL? I have bought the certificate, so it is valid and not a home-made self-signed one. I am running Cake PHP version 2.
I have tried to search the web, but I just find problems with the login function and not with the share button.

Please follow the below links for reference.
http://www.afbtemplates.com/tutorials/common-problems-facebook-secure-connections
http://developers.facebook.com/blog/post/497/
Do I need to support ssl on my site that allows login through facebook connect

Related

New webhoster redirecting me to cgi-sys/defaultwebpage.cgi

It's the first time that I am using a web host, and my problem is that the website redirects me to a default website page. Here is the link : http://173.193.234.99/
How could I fix that within CPanel ?
Do you have full on access to your server? If so try uploading some files and see if you can access them. Your host name is the IP address you've got, your username and password should've been provided to you by your host.
If that still does not work I would recommend heeding the advice as seen on the page:
"If you are the owner of this website and were not expecting to see this page, please contact your hosting provider."
But again, it looks normal to me, try uploading an index.html file and see if that works.

Canvas demo (runwithfriends) always redirects to main page under my own GAE

I'm using the runwithfriends example app to learn canvas programming and GAE. I can upload the sample code to GAE without any errors. Here are my config.py and app.yaml files:
conf.py:
# Facebook Application ID and Secret.
FACEBOOK_APP_ID = ''
FACEBOOK_APP_SECRET = ''
# Canvas Page name.
FACEBOOK_CANVAS_NAME = 'blah'
# A random token for use with the Real-time API.
FACEBOOK_REALTIME_VERIFY_TOKEN = 'RANDOM TOKEN'
# The external URL this application is available at where the Real-time API will
# send it's pings.
EXTERNAL_HREF = 'http://blah.appspot.com'
# Facebook User IDs of admins. The poor mans admin system.
ADMIN_USER_IDS = ['']
app.yaml
application: blah
version: 1
runtime: python
api_version: 1
handlers:
- url: /(.*\.(html|css|js|gif|jpg|png|ico))
static_files: static/\1
upload: static/.*
expiration: "1d"
- url: .*
script: main.py
- url: /task/.*
script: main.py
login: admin
Accessing the demo app on their GAE works just fine. When I take the exact same code, except for the changes I need to run under my own GAE account, the app won't work. I can login to the app using my account and the app shows up under my Apps menu. So, OAuth is good. Every time I go to access the main page, I'm always redirected to the iframe showing I use the app (can't show that image, runwithfriends app is over quota as I type this) but won't go to this iframe:
at all.
I've looked at and understand how url routing works:
def main():
routes = [
(r'/', RecentRunsHandler),
(r'/user/(.*)', UserRunsHandler),
(r'/run', RunHandler),
(r'/realtime', RealtimeHandler),
(r'/task/refresh-user/(.*)', RefreshUserHandler),
]
application = webapp.WSGIApplication(routes,
debug=os.environ.get('SERVER_SOFTWARE', '').startswith('Dev'))
util.run_wsgi_app(application)
All the handlers are there with what looks like correct post/get methods. There are no errors logged in my GAE instance either, such as 404 or 405. When I first use http://localhost:8080, I see plenty of 200s and nothing else.
I started out using dev_appengine.py but had to move development to GAE because of my HTTPS security setting. I disabled HTTPS temporarily but still always get redirected to the apps.facebook.com/path no matter what and can't keep all my development within dev_appengine.py. Don't know if that's related to my issue or not.
Since the demo works (when not over quota), I'm sure the problem is with my own GAE instance, or configuration within FB to use my GAE, I just for the life of me can't figure out. I'm using Eclipse with PyDev and GAE plugins.
Update
Adding the app's FB configuration and the window that's displayed after I login to the app.
Sandbox:
Redirects:
Running under my GAE, this is the only page that is returned:
Can you post what your error actually looks like?
It sounds like you don't have the FB redirection set up properly.
Or potentially your FB is set up in a sandbox and you're trying to access your app with a non-sandboxed user.
I decided to delete my test FB app and recreate it. When I went to enter my key/secret values was when I found my error. My issue was with my FB APP ID and SECRET - both had a space between the single quotes like this:
# Facebook Application ID and Secret.
FACEBOOK_APP_ID = ' xxxxxxxxxxxxxxxxx'
FACEBOOK_APP_SECRET = ' xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Having the space was screwing things up, once I went to enter the new values in conf.py I spotted the extra spaces. The correct constant declaration:
# Facebook Application ID and Secret.
FACEBOOK_APP_ID = 'xxxxxxxxxxxxxxxxx'
FACEBOOK_APP_SECRET = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
Test FB App works now.

Unable to get started with Google App Engine in localhost (runwithfriends example)

Long story short, I'm unable to get the Runwithfriends example app from the Gettting Started Sample App (https://developers.facebook.com/docs/samples/canvas/).
After I successfully got a hello world in Google App Engine, I followed all the instructions from the Facebook Example. However, when going to localhost port 8080 (Getting Started, step 8) I'm prompted with the annoying "Please Update Your Secure Canvas URL" error; pressing Continue doesn't do anything but to prompt me again to update my URL.
I read that the dev_appserver.py doesn't have SSL support, so I guess that's why when I put localhost port 8080 with SSL in my Secure Canvas URL, I get a ssl_error_rx_record_too_long error. So that's a dead end.
Now, I read that maybe my personal security settings as an admin of the app was messing things up. So, I tried with a test user; using localhost with SSL as a Secure Canvas URL pops the same error than before, but leaving it in blank gets me to the running with friends homepage; just before I was going to claim victory, I noticed that the refresh icon was going crazy, so by opening firebug I saw that the site was going GET requests like crazy; I opened the headers of the queries and got this:
Reload the page to get source for: https://apps.facebook.com/facebook-skuiz/
as long with other GET request that does other GET request that... well, you get the drill.
Maybe it's my mistake and I'm doing something wrong with my conf.py or app.yaml. Here they are:
####conf.py
# Facebook Application ID and Secret.
FACEBOOK_APP_ID = 'XXX'
FACEBOOK_APP_SECRET = 'XXX'
# Canvas Page name.
FACEBOOK_CANVAS_NAME = 'facebook-skuiz'
# A random token for use with the Real-time API.
FACEBOOK_REALTIME_VERIFY_TOKEN = 'RANDOM TOKEN'
# The external URL this application is available at where the Real-time API will
# send it's pings.
EXTERNAL_HREF = 'http://facebook-skuiz.appspot.com/'
# Facebook User IDs of admins. The poor mans admin system.
ADMIN_USER_IDS = ['100002926752876']
####app.yaml
application: runwithfriends
version: 1
runtime: python
api_version: 1
handlers:
- url: /(.*\.(html|css|js|gif|jpg|png|ico))
static_files: static/\1
upload: static/.*
expiration: "1d"
secure: always
- url: .*
script: main.py
secure: always
- url: /task/.*
script: main.py
login: admin
secure: always
(I also removed the secure: options, didn't work)
Now, maybe it's something really silly, like the folder structure or the name of the app. I hope that's the case and I'm doing something wrong, cause I can't believe the Getting Started tutorial is not working.
UPDATE: It seems that Firefox was guilty of the "Continue" bug. Tried on Chrome and so far so good. I'll keep updating to see how this goes.
Facebook determines whether or not to use your app's normal or secure URL based on how the the "secure browsing" setting is configured in the user's account. Sounds like you have secure browsing enabled for your account so Facebook is creating an app iframe that wants to navigate to the app's secure URL. Disable secure browsing in your user account / privacy settings and you should be able to connect to the appengine development server running on localhost.

Protecting click once web deployed installations

I have a link on my website to the standard publish page generated by Visual Studio. My concern is that if anybody finds out the URL to that page, they can download my software. Sure, I could password protect the page with the link, but it still would not be protecting the download URL. Are there any ways to secure the click once upload? I have looked around, and it seems like I am stuck in this sense.
Public URL is a security issue in ClickOnce Deployment. However, there is a solution for your problem if your web server has windows and .NET installed. Tell me if you have one ? I will have to come up with another workaround for Linux web server in case you have that.
Brief
Firstly, a bit of information about ClickOnce deployment. When you deploy the application, the GET requests on the server made are (assuming WebDir is the publish directory on the server)
G-1. GET /WebDir/setup.exe (Initial download)
G-2. GET /WebDir/MyApp.Application (setup.exe -url request)
G-3. GET /WebDir/MyApp.Application (.application deployment provider URL request)
G-4. GET /WebDir/Application Files/MyApp_1_0_0_0/MyApp.exe.manifest (Application manifest request)
G-5. GET /WebDir/Application Files/MyApp_1_0_0_0/MyApp.exe.deployand other .deploy files ... (Application file requests)
Implementation
Now, the solution is to intercept these file requests on the server. On IIS, you can attach a custom HTTPHandler and handle the request. On Apache, you can redirect requests to a PHP code using .htaccess files. Apart from this, you will have to generate unique identifier uid for client instances downloaded from the server (can be your license key) and put that in the deployment provider URL query parameters.
Directory Structure
Create an "Application" folder inside your WebDir and restrict access to /WebDir/Application/. Rest everything can be there inside /WebDir/
File Requests
So here's what you do on a Apache web server hosted on a windows machine:
Create a custom download page or use the one created from publishing the application using Visual Studio (but you will have to edit it manually!). Let's assume that page is /WebDir/Download.php
After authenticating user from Download.php, you have to send setup.exe from your code (can do it with readfile() in PHP) to the user. However, the catch is bootstrapper (setup.exe) after installing will do a GET request [G-2]. Don't forget now, that you have to validate this file request. So basically you change the "setup.exe -url" property to include uid before returning the file. For eg: change it to /WebDir/uid/MyApp.Application [G-2]. You can use MsiStuff.exe to change the URL property for the bootstrapper.
Using a .htaccess file, rewrite [G-2] to /WebDir/Handler.php?user=uid. From Handler.php, you can check if it is a valid uid. If it is valid, you will have to include the uid in the deployment provider URL and "Dependent Assemblies Path" in deployment manifest so that if an upgrade request comes (It essentially requests the deployment manifest), you can validate the user there too. Add uid to query string parameters. For eg: change it to /WebDir/MyApp.application?user=uid [G-3]. Don't forget that you will have to resign the manifests once you modify them. Use Mage or write your own code to do that.
So finally, the GET requests on the server will be (assuming uid=1f3rd)
G-1. GET /WebDir/Download.phpAction: return setup.exe with the -url changed
G-2. GET /WebDir/Application/setup.exe/1f3rd/MyApp.ApplicationAction: redirect, validate user, change URL, re-sign and return file
G-3. GET /WebDir/Application/setup.exe/MyApp.Application?user=1f3rdAction: redirect, validate user and return file
G-4. GET /WebDir/Application/1f3rd/Application Files/MyApp_1_0_0_0/MyApp.exe.manifestAction: redirect, validate user and return file
G-5. GET /WebDir/Application/1f3rd/Application Files/MyApp_1_0_0_0/MyApp.exe.deployand other .deploy files ...Action: redirect, validate user and return file
Pros
Application is successfully deployed and upgraded only if all the requests have a valid uid in the URL present.
You can now identify different instances of application on client systems. You can track the update history, do a selective version upgrade/downgrade and much more !
Cons
You will need a windows server to implement the above since you need mage.exe | your-own-.NET-code-signing-application and Msistuff.exe.
You may have minor performance issues since you are performing validation on every file request. You can choose to skip validation on .manifest and .deploy file requests.
You will have to ensure proper security for companies certificate which will be present on the web server for signing (You can store it on the server local file-system if you have the full server to yourself. In that case, it is fine unless somebody breaks into machine itself !)
If you want me to make something clear or explain in detail, feel free to ask. In case you have suggestions for modification to the above, post that too.
I will write a detailed CodeProject article if I have spare time someday.

Facebook development in localhost

Just wanted to know if there is any way I could develop Facebook applications in localhost.
Edit: 2-15-2012 This is how to use FB authentication for a localhost website.
I find it more scalable and convenient to set up a second Facebook app. If I'm building MyApp, then I'll make a second one called MyApp-dev.
Create a new app at https://developers.facebook.com/apps
(New 2/15/2012) Click the Website checkbox under 'Select how your application integrates with Facebook'
(In the recent Facebook version you can find this under Settings > Basic > Add Platform - Then select website)
Set the Site URL field (NOT the App Domains field) to http://www.localhost:3000 (this address is for Ruby on Rails, change as needed)
In your application initializer, put in code to detect the environment
Sample Rails 3 code
if Rails.env == 'development' || Rails.env == 'test'
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'DEV_APP_ID', 'DEV_APP_SECRET'
end
else
# Production
Rails.application.config.middleware.use OmniAuth::Builder do
provider :facebook, 'PRODUCTION_APP_ID', 'PRODUCTION_APP_SECRET'
end
end
I prefer this method because once it's set up, coworkers and other machines don't have additional setup.
Of course you can, just add the url localhost (without "http") in your app_domain and then add in your site_url http://localhost (with http)
Update
Facebook change the things a little now, just go to the app settings and in the site url just add http: //localhost and leave the App Domain empty
Here is my config and it works fine for PHP API:
app domain
http://localhost
Site URL
http://localhost:8082/
NOTE: As of 2012 Facebook allows registration of "localhost" as return Url. You still may need similar workaround for other providers (i.e. Microsoft one).
If you need real domain name registered with Facebook (like my.really.own.domain.com) you can locally redirect requests to this domain to your machine. Easiest out of box approach on any OS is to change "hosts" file to map the domain to 127.0.0.1 (see http://technet.microsoft.com/en-us/library/bb727005.aspx#EDAA and https://serverfault.com/questions/118290/cname-record-alias-in-windows-hosts-file).
I usually use Fiddler to do it for me (on Windows with local IIS) - see samples on http://www.fiddler2.com/Fiddler/Dev/ScriptSamples.asp.
if (oSession.HostnameIs("my.really.own.domain.com")) {
oSession.host="localhost:80";
}
Hosts file approach of approaches does not work with Visual Studio Development Server as it requires incoming Urls to be localhost/127.0.0.1. If you need to work with it (or possibly with IIS express) to override host - Using Fiddler with IIS7 Express
Facebook no longer allowed a 'localhost' callback URL for FBML Facebook applications
With the new development center it is now easier:
1) Leave app domains blank.
2) Click Add Platform
3) Site URL should equal the full path of your local host.
4) Save Changes
I just discovered a workaround: You can make your local machine accessible by using http://localtunnel.com . You'll need to (temporarily) change some URLs used in your app code / html so links point to the temporary domain, but at least facebook can reach your machine.
In your app's basic settings (https://developers.facebook.com/apps)
under Settings->Basic->Select how your app integrates with Facebook...
Use "Site URL:" and "Mobile Site URL:" to hold your production and development URLs respectively. Both sites will be allowed to authenticate. I'm just using Facebook for authentication so I don't need any of the mobile site redirection features. I usually change the "Mobile Site URL:" to my "localhost:12345" site while I'm testing the authentication, and then set it back to normal when I'm done.
You have to choose Facebook product 'facebook login' and enable
Client OAuth Login , 'Web OAuth Login' and 'Embedded Browser OAuth Login'
then even if you give localhost url It will work
There is ! My solution works when you create an app, but you want to use facebook authentification on your website. This solution below is NOT needed when you want to create an app integrated to FB page.
The thing is that you can't put "localhost" as a domain in the facebook configuration page of your app. Security reasons ?
You need to go to your host file, in OSX / Linux etc/hosts and add the following line :
127.0.0.1 dev.yourdomain.com
The domain you put whatever you want. One mistake is to add this line :
localhost dev.yourdomain.com (at least on osx snow leopard in doesnt work).
Then you have to clear your dns cache. On OSX : type dscacheutil -flushcache in the terminal.
Finally, go back to the online facebook developer website, and in the configuration page of your app, you can add the domain "dev.yourdomain.com".
If you use a program such as Mamp, Easyphp or whatever, make sure the port for Apache is 80.
This solution should work for Windows because it also has a hosts file. Nevertheless, as far as I remember Windows 7 doesnt use this file anymore, but this trick should work if you find a way to force windows to use a hosts file.
this works June 2018, even after the HTTPS requirement. It appears a test app does not require https:
create a test app:
https://developers.facebook.com/docs/apps/test-apps/
then within the test app, follow the simple steps in this video:
https://www.youtube.com/watch?v=7DuRvf7Jtkg
I think you should be able to develop applications using the visual studio development web server: Start a new FaceBook application on: http://www.facebook.com/developers/. Then set the settings for the site Url and the canvas url to the running instance of your website for example:http://localhost:1062/
Here are a couple of links that should help you out on starting with FaceBook:
http://thinkdiff.net/facebook/graph-api-iframe-base-facebook-application-development/,
http://nagbaba.blogspot.com/2010/05/experiencing-facebook-javascript-sdk.html,
http://apps.facebook.com/thinkdiffdemo/
Hope this helps.
Try this ---
https://www.facebook.com/help/community/question/?id=589302607826562
1 - Click Apps and then select your app.
2 - Click the Settings button on the left side of the screen.
3 - In the Basic settings, click the Add Platform button below the
settings configuration.
4 - Select Website in the platform dialog.
5 - Enter your URL (localhost works here).
6 - In the App Domains text input, add your domain that matches the one in the URL.
7 - Save your settings.
Suppose that you have registered your app as:
app.domain.com
You just need to modify the /etc/hosts file by adding
127.0.0.1 dev01.app.domain.com
Then, modify your apache configuration
ServerName dev01.app.domain.com
and restart apache.
You'll need to put your URL in a variable in order to use it as XML parameter on some calls:
<fb:login-button registration-url="http://<?=$URL?>/register" />
Don't have enough cred to comment on the top voted answer, but at least in my rails environment (running 4), rails s is at http://localhost:3000, not http://www.localhost:3000. When I changed it to http://localhost:3000, it worked just fine. No need to edit any hosts file.
app domain : localhost
site URL : http://localhost:4440/
worked for me with the new UI.
Latest update:
You don't have to give any urls if you are testing it in development. You can leave the fields empty. Make sure your app is in development mode. If not turn off status from live.
No need to provide site url, app domains or valid redirect oauth uri.
My Solution works fine in localhost.....
For Site URLS use http://localhost/
and for App domains use localhost/folder_name
Rest everything is same .......it works fine
(though its shows redflag in App Domain..App is working fine)
It's easy go to the app dashboard under the facebook login tab click settings
then select Enforce HTTPs No, save settings
The application will run just fine in localhost: 3000, you just need to specify the https address on which the application will be live when it be in production mode.
Option 2 is provide the url or you heroku website which lets you have sample application in production mode.