Accessing Facebook images over HTTPS - facebook

We're serving a Facebook feed in our site, which includes images such as profile pictures that are served off Facebook's CDN. Our site is served over HTTPS, and we generally use protocol-relative URLs when linking to outside images. However, the Facebook images were not showing up. After digging, I noticed that HTTPS links pointing to Facebook CDN images throw an SSL error because the Facebook CDN URL doesn't match the Akamai URL associated with their certificates.
Compare:
http://profile.ak.fbcdn.net/hprofile-ak-prn1/50164_1132339922_583434524_n.jpg
https://profile.ak.fbcdn.net/hprofile-ak-prn1/50164_1132339922_583434524_n.jpg
This makes using HTTPS or protocol-relative URLs for Facebook images impossible to access as image sources, and so makes embedding Facebook images into HTTPS sites impossible without triggering mixed content warnings.
Has anyone run into this?

Figured this out:
On your Graph API calls, use return_ssl_resources=1, and it will give you the proper image HTTPS URLs.
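A guard for the fix described above, as an added example that is not part of the original answer: it sets return_ssl_resources=1 on a request URL and then checks the parsed response for image fields that would still load as mixed content. The endpoint path, the image field names (picture, icon, source) and the sample response are assumptions made for illustration.

```javascript
// Added example (not from the original answer). The endpoint path, the list of
// image-bearing field names and the sample response are assumptions.

// Append return_ssl_resources=1 to a Graph API request URL.
function withSslResources(graphUrl) {
  const url = new URL(graphUrl);
  url.searchParams.set('return_ssl_resources', '1');
  return url.toString();
}

// Fields whose values end up in <img src>; adjust to the fields you render.
const IMAGE_FIELDS = new Set(['picture', 'icon', 'source']);

// Walk a parsed response and report every image field that is not an
// absolute https:// URL. Each hit would load as mixed content on an HTTPS page.
function findInsecureImages(value, path = '$', found = []) {
  if (Array.isArray(value)) {
    value.forEach((v, i) => findInsecureImages(v, `${path}[${i}]`, found));
  } else if (value && typeof value === 'object') {
    for (const [key, v] of Object.entries(value)) {
      const here = `${path}.${key}`;
      if (IMAGE_FIELDS.has(key) && typeof v === 'string') {
        if (!/^https:\/\//i.test(v)) found.push({ path: here, url: v });
      } else {
        findInsecureImages(v, here, found); // links are navigation, not subresources
      }
    }
  }
  return found;
}

// Constructed sample: one post already HTTPS, one still plain HTTP.
const sampleFeed = {
  data: [
    { id: '1', picture: 'https://images.example.test/a.jpg', link: 'http://example.test/post/1' },
    { id: '2', picture: 'http://images.example.test/b.jpg' },
  ],
};

console.log(withSslResources('https://graph.facebook.com/me/feed?limit=5'));
console.log(findInsecureImages(sampleFeed));
```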

Related

Prevent hotlinking but allow Facebook - MaxCDN

I've recently enabled hotlink protection on MaxCDN, using what is known as Referer Access Control whitelisting.
I've enabled my own domains and my CDN domain, and it's working very nicely, however, when I try to share an image on social media, the og:image is not being picked up correctly.
Using the Facebook Debugger, I can see that an error is being thrown on the og:image
"Provided og:image URL, https://cdn.collectiveray.com/images/webdesign/web_design_blogs.jpg could not be processed as an image because it has an invalid content type."
I believe the problem is that the Facebook crawler is not in the whitelist. I've allowed facebook.com, *.facebook.com, fbcdn.com, *.fbcdn.com, fbcdn.net, *.fbcdn.net, yet I am still unable to resolve the above error.
Would anybody know which are the exact domains to whitelist to allow social networks, both Facebook and others, to be able to access the images directly via their CDN URL?
TIA
David
I don’t think the Facebook scraper sends any referrer.
But you can identify it based on the User-Agent it sends, see https://developers.facebook.com/docs/sharing/webmasters/crawler
Details on how to set this up for MaxCDN here, https://www.maxcdn.com/one/tutorial/blank-referers-social-networks/
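The decision the answer describes, written out as an added example that is not MaxCDN's code or part of the original thread: a Referer allowlist matched on the parsed hostname, with requests that carry no Referer admitted only for the crawler User-Agent tokens facebookexternalhit and Facebot. The example.com domains and the function names are hypothetical; both headers are set by the client, so this limits casual hotlinking and is not an access control.

```javascript
// Added example (not MaxCDN's implementation). Domains are hypothetical.
const ALLOWED_REFERERS = ['example.com', '*.example.com'];
const CRAWLER_TOKENS = ['facebookexternalhit', 'facebot'];

// Match a hostname against an exact name or a "*.suffix" pattern.
// Comparing parsed hostnames on a dot boundary avoids the substring trap
// where "example.com.evil.test" or "notexample.com" would pass.
function hostMatches(host, pattern) {
  const h = host.toLowerCase();
  if (pattern.startsWith('*.')) return h.endsWith(pattern.slice(1));
  return h === pattern;
}

function isKnownCrawler(userAgent) {
  const ua = (userAgent || '').toLowerCase();
  return CRAWLER_TOKENS.some((token) => ua.includes(token));
}

// Returns "allow:<reason>" or "deny:<reason>" for one image request.
function decide({ referer, userAgent }) {
  if (referer) {
    let host;
    try {
      host = new URL(referer).hostname;
    } catch {
      return 'deny:bad-referer';
    }
    const ok = ALLOWED_REFERERS.some((p) => hostMatches(host, p));
    return ok ? 'allow:referer' : 'deny:referer';
  }
  // No Referer header: the scraper case from the answer.
  return isKnownCrawler(userAgent) ? 'allow:crawler' : 'deny:blank-referer';
}

// Constructed sample requests.
const FB_UA = 'facebookexternalhit/1.1 (+http://www.facebook.com/externalhit_uatext.php)';
console.log(decide({ referer: 'https://www.example.com/post', userAgent: 'Mozilla/5.0' }));
console.log(decide({ referer: 'https://example.com.evil.test/', userAgent: 'Mozilla/5.0' }));
console.log(decide({ userAgent: FB_UA }));
console.log(decide({ userAgent: 'Mozilla/5.0' }));
```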

Open Graph (and Facebook): the domain <my domain> is not allowed for the specified application id

Just got this message from the FB debugging tool: is not allowed for the specified application id. I'm trying to post a story using Open Graph on Facebook. Right now I'm using the Graph API Explorer, but will eventually use the Facebook SDK.
I AM using a different domain from the domain I'm using to host the meta tag URL. My understanding was that Open Graph needed a publicly accessible page from which to read meta tags. I was under the impression that this page DID NOT have to live at the same domain as my app. Is that wrong? So, does this mean that the page with all the meta tags has to live on the same domain as my web site?
To be clear: the FB app is configured to use domain X, but I'm hosting the OG page on domain Y. Is that a problem?
Update:
Okay, I'm still getting the error this AM. It seems like I'm getting contradictory info. Given that this is Facebook support, is there some way I can escalate?
I still don't know what the issue is, but I was able to get this working by changing my local dev URL to an address that shared the same domain as the URL that was hosting the OG object I needed.
So, locally I've set my environment up to be: mylocal.sample.com, and the OG is hosted at public.sample.com.

Facebook Site URL and Wall Sharing

Is wall sharing (performed through the FB JS API) in any form related to the Site URL setting for a given application? Users don't actually log in to our website using the tool - they just share the URLs on their walls via an application we've set up.
We are looking for expert confirmation on the subject as we'd like to change the Site URL in support of a new login provider wrapper (Janrain).
No, you can share urls even if the Site Url is not supplied. But the domain should be listed in the "App Domains" box. This shouldn't be a problem since it supports multiple domains. An example would be both myapps.mydomain.com and myapps.myotherdomain.com are listed there. I think this is ok in your case.

Permalink-able pages for Javascript web apps

I'm building an app using Backbone.js and a private API that serves assets and JSON.
Most content in the app is accessed through the root '/' and the Backbone router serves up views based on the hash (i.e. /#about or /#view).
The problem is that when a page is shared to Facebook, it scrapes the main page and seems to disregard anything past the hash mark.
Are there any good rules of thumb for URL paths or content that is not highly dynamic to make the app more presentable to Facebook, Google, etc.?
Google has some good info on making AJAX apps crawlable.
https://developers.google.com/webmasters/ajax-crawling/
You could create a dummy page on your site with a full URL that is only accessible to the bots that Facebook and Google use. I'm not sure what Google's user agent is, but Facebook's is listed here:
https://developers.facebook.com/docs/reference/plugins/like/#scraperinfo
So you could have a blank page on /item/itemid1/ that is only accessible to the bots, point your og:url tags to that blank page and have the correct metadata on it for the Facebook scraper. Whenever a regular user tries to access it, redirect them back to the correct hash-based URL.
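The stub page described above, as an added example that is not part of the original answer: a request handler for /item/<id>/ that returns Open Graph metadata to the Facebook scraper and redirects everyone else to the hash route. The site origin, the #item/<id> route and the item catalogue are hypothetical; the handler HTML-escapes metadata and builds the redirect only from a validated id, so the stub cannot be used for markup injection or as an open redirect.

```javascript
// Added example (not from the original answer). SITE, the "#item/<id>" hash
// route and ITEMS are hypothetical stand-ins for the app's own data.
const SITE = 'https://app.example.com';
const ITEMS = {
  itemid1: { title: 'Tom & "Jerry" <demo>', description: 'Constructed sample item' },
};

// Escape text before placing it in an HTML attribute value.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Returns { status, headers, body } for a request to /item/<id>/.
function handleItem(path, userAgent) {
  const m = /^\/item\/([A-Za-z0-9_-]{1,64})\/$/.exec(path);
  // Own-property check so ids such as "__proto__" never resolve to an item.
  const known = m && Object.prototype.hasOwnProperty.call(ITEMS, m[1]);
  if (!known) return { status: 404, headers: {}, body: 'Not found' };

  const id = m[1];
  const item = ITEMS[id];
  if (!/facebookexternalhit|facebot/i.test(userAgent || '')) {
    // Regular visitors: fixed origin plus validated id, never request input.
    return { status: 302, headers: { Location: `${SITE}/#item/${id}` }, body: '' };
  }
  const body = [
    '<!doctype html><html><head>',
    `<meta property="og:url" content="${SITE}/item/${id}/">`,
    `<meta property="og:title" content="${escapeHtml(item.title)}">`,
    `<meta property="og:description" content="${escapeHtml(item.description)}">`,
    '</head><body></body></html>',
  ].join('\n');
  return { status: 200, headers: { 'Content-Type': 'text/html; charset=utf-8' }, body };
}

console.log(handleItem('/item/itemid1/', 'Mozilla/5.0'));
console.log(handleItem('/item/itemid1/', 'facebookexternalhit/1.1').body);
```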

Secure Canvas Clarification

Been reading the docs about canvas and secure canvas, mainly due to the requirement that we provide a secure URL before October 1. However, I cannot determine with any sense of certainty that we actually need to use a secure canvas.
If we only want to provide the ability for users to "login" and "like", do we even need a canvas? As far as I can tell, a canvas is something that Facebook creates an iframe for, which points to a canvas URL we provide, which is ultimately displayed on the Facebook site.
Any clarification would be appreciated.
Apps accessed via facebook.com (i.e. apps.facebook.com/something or via a Page Tab) will need to be accessible over HTTPS - you won't need to make your site available over HTTPS for the social plugins or off-Facebook API usage to work.
The blog post with the details is https://developers.facebook.com/blog/post/499/
Specifically: All Apps on Facebook (Canvas and Page Tabs) must support HTTPS by October 1.