I am using ASP.NET MVC 4 Mobile application, in which I am trying to redirect to an external website. However its failing with "Error loading page" message.
public void RedirectToGoogle()
{
Response.Redirect("http://www.google.com");
}
Also I see the following script in _Layout.cshtml which is created automatically while creating the application.
<script>
$(document).bind("mobileinit", function() {
// As of Beta 2, jQuery Mobile's Ajax navigation does not work in all cases (e.g.,
// when navigating from a mobile to a non-mobile page, or when clicking "back"
// after a form post), hence disabling it.
$.mobile.ajaxEnabled = false;
});
</script>
I tried changing $.mobile.ajaxEnabled to true, but no success.
Any thoughts on how to do url redirecting in ASP.NET MVC 4 Mobile application?
Response.Redirect is for WebForms and uses the WebForms page lifecycle. For MVC you should use return Redirect("http://www.bing.com");
I've reproduced the problem on ASP.NET MVC 4/Beta with a mobile project. It's a CORS (Cross Origin Resource Sharing) issue. See http://www.webdavsystem.com/ajax/programming/cross_origin_requests
Use the F12 developer tools to Fiddler to see the problem.
EC7118: XMLHttpRequest for http://www.bing.com/ required Cross Origin Resource Sharing (CORS).
localhost:52137
SEC7119: XMLHttpRequest for http://www.bing.com/ required CORS preflight.
localhost:52137
Related
We have run into a problem using aspnet core 2.2 with Facebook WebView (https://developers.facebook.com/docs/messenger-platform/webview/).
The issue occurs only in desktop browsers using chat function in messenger.com or facebook.com.
We have developed a chatbot and there are buttons in the conversation. When the user click that button a WebView shows our webpage.
This webapplication is an aspnet core mvc webapp (hosten in Azure App Service) where a controller action at server side creates a cookie and writes it into the Response.
var cookieOptions = new CookieOptions()
{
IsEssential = true,
Expires = DateTime.UtcNow.AddYears(1),
};
Response.Cookies.Append("COOKIE_NAME", "cookievalue", cookieOptions);
When this page loaded from a Facebook WebView (from a FB chatbot) the cookie created above (on server side) is missing.
In the aspnet core web project Startup.cs cookie middleware is configured like this:
public void ConfigureServices(IServiceCollection services)
{
...
services.Configure<CookiePolicyOptions>(options =>
{
options.CheckConsentNeeded = context => false;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
...
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
...
app.UseCookiePolicy();
...
}
What I've tried:
if the same cookie inserted from client side javascript, the cookie is available in Facebook webview.
document.cookie = "COOKIE_NAME=cookievalue";
Same scenario works correctly using asp.net fwk 4.7.2 and Facebook webview.
from a mobile app (messenger) it works as I expected, cookie available
I think the problem source could be in the WebView, because the page works perfectly when loaded from a normal browser – not from WebView (Chrome, IE, Edge, FF, Safari, etc), both cookie (server and client side created) are available.
What could be the problem with scenario using aspnet core 2.2 and Facebook WebView?
Thanks for helping!
At the end I found the problem. The chrome's cookie policy settings changed: https://www.google.com/chrome/privacy/
Thats why I run into the problem above.
Solution:
I have to change these cookies samesite settings to 'SameSiteMode.None'.
var cookieOptions = new CookieOptions()
{
Secure = true,
SameSite = SameSiteMode.None,
IsEssential = true,
Expires = DateTime.UtcNow.AddYears(1),
};
Testing on desktop works fine, the various provider's popups come up. On mobile device however with each provider a new browser window opens, but the address is the non-customized hosting URL of the firebase app and the sign-in flow halts.
Originally the Firebase documentation advises the non custom hosting URL to be used in the redirect URLs. I changed those for all providers to the custom one: https://valleydevfest.com/__/auth/handler instead of https://valleydevfest-620d6.firebaseapp.com/__/auth/handler (for both Facebook app, Twitter app and my Github app too). That didn't help at all and the mobile Chrome still redirects to some https://valleydevfest-620d6.firebaseapp.com/... address, which either halts loading or it loads a very broken version of the website (instead of the OAuth login).
Most relevant code:
var signIn = function(providerId) {
var provider = getProviderForProviderId(providerId);
var that = this;
return this.auth.signInWithPopup(provider).catch(function(error) {
...
https://github.com/gdgfresno/valleydevfest/blob/develop/scripts/helper/firebase.js#L43
How can I overcome that?
(Whole source of the app: https://github.com/gdgfresno/valleydevfest/tree/develop)
I am using Worklight 6.0 and in this case testing with iOS7.
I'm trying to setup saml 2.0 SSO with Worklight and I seem to have succeeded, but I don't know how it works... At first, I have my app attempt to access my url like this:
WLJQ.ajax({
url: 'url.com',
type: 'GET',
xhrFields: {
withCredentials: true
},
success: function(data, status, xhr) {
console.log(data);
},
error: function(result) {
console.log("error");
console.log(result);
}
});
The request goes to success and returns me the url of the login page, which is correct because I haven't authenticated yet, but it does not display the login (as I intended).
Next I click a button to display a Native page (iOS) which is a UIWebView of url.com. This displays the login page via:
WL.NativePage.show('LoginController', backFromNativeLoginPage, params);
I log in successfully and see the contents of url.com that I expect. Then I return back to the non-native app via:
[NativePage showWebView:0];
Now that I'm back in the non-native code, I sent the same request above and I expect for it not to return the contents of url.com, but rather the login page because I have no headers attached to my request and I think the non-native code shouldn't have any knowledge of the cookies I may have made in the UIWebView.
My question is how does this work? Does my non-native part of worklight have knowledge of all the cookies that were created in the native code's UIWebView?
Let me start by saying my answer is partly based on speculation, but I think this is whats happening:
Since your Native page is using the a WebView and Cordova is also using the WebView, any headers and cookies that your Native page is using will be visible when you return from native since cookies are shared across differet UIWebViews.
If your native page was using the native URL request methods or some third party / open source mechanism for connecting to your backend server, then I would think that your non-native page would not be able to see the headers and cookies.
I am building some forms using the html input tabs in Facebook.
My form actions are post and insert linking to externally hosted php
function files.
The problem is, if the user isn't using Facebook's new https setting, a pop up
is shown with "un secure form"
Is there a why to provide a secure handler externally hosted or is this something
I would have go deeper into Facebook ap making with?
Facebook loads your app into an iframe (using POSTing a form).
When the user is using https with facebook they use the Secure Canvas URL property from the app settings, and when the user is not on secure browsing they use the Canvas URL.
Because of that, your page is not loaded from https but http, which is why that warning is shown to the user by the browser.
What you can do is to check when your page is loading which protocol is used and if it's not https then reload the page from https.
Something like (using window.location object):
var location = window.location;
if (location.protocol != "https:") {
window.location.href = "https://" + location.host + "/" + location.pathname + location.search
}
Or if you don't expect to have urls in your querystring you can simply replace:
window.location.href = window.location.href.replace("http", "https");
I have a Facebook app that is built as an iFrame. I am using the JavaScript client API loaded via:
http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php
In my initialization code, I use the requireLogin method to ensure that the user has authorized the app. I have found this to be necessary to be able to gather the user's name, avatar, etc. for the scoreboard. Here's a representative code snippet:
FB_RequireFeatures(["Connect","Api"], function() {
FB.Facebook.init("...API_KEY_HERE...", "xd_receiver.htm");
var api = FB.Facebook.apiClient;
api.requireLogin(function() {
api.users_getInfo(
FB.Connect.get_loggedInUser(),
["name", "pic_square", "profile_url"],
function(users, ex) {
/* use the data here */
});
});
});
This causes the iframe to redirect causing the Facebook authorization screen to load within my app's iFrame. This looks junky and is somewhat confusing to the user, e.g. there are two Facebook bars, etc.
Question 1: is there anything I can do to clean this up while still implementing as an iFrame, and still using the JavaScript APIs?
According to the FB API documentation:
FB.ApiClient.requireLogin
This method is deprecated - use
FB.Connect.requireSession instead.
My experience though when I replace api.requireLogin with FB.Connect.requireSession it never gets invoked. I'd prefer the recommended way of doing it but I struggled and was not able to find a way to get it to work. I tried adding various arguments for the other two parameters as well with seemingly no effect. My expectation is that this method will load in a dialog box inside my app iFrame with a similar authorization message.
Question 2: what am I missing with getting FB.Connect.requireSession to properly prompt the user for authorization?
Finally, at the end of the game, the app prompts the user for the ability to publish their score to their stream via FB.Connect.streamPublish. Which leads me to...
Question 3: am I loading the correct features? Do I need both "Api" and "Connect"? Am I missing any others?
Here is a summary of the changes I needed to make to clean up the authorization process. It appears that iFrames must fully redirect to properly authorize. I tried using the FBConnect authorization but it was a strange experience of popup windows and FBConnect buttons.
Ultimately this game me the expected experience that I've seen with other FB apps:
FB_RequireFeatures(["Connect","Api"], function() {
var apiKey = "...",
canvasUrl = "http://apps.facebook.com/...";
function authRedirect() {
// need to break out of iFrame
window.top.location.href = "http://www.facebook.com/login.php?v=1.0&api_key="+encodeURIComponent(apiKey)+"&next="+encodeURIComponent(canvasUrl)+"&canvas=";
}
FB.Facebook.init(apiKey, "xd_receiver.htm");
FB.ensureInit(function() {
FB.Connect.ifUserConnected(
function() {
var uid = FB.Connect.get_loggedInUser();
if (!uid) {
authRedirect();
return;
}
FB.Facebook.apiClient.users_getInfo(
uid,
["name", "pic_square", "profile_url"],
function(users, ex) {
/* user the data here */
});
},
authRedirect);
});
For iFrames, the solution was ultimately to redirect to the login URL which becomes the authorization URL if they are not already logged in.
I think that FB.requireSession only works from a FB connect site outside of
Facebook. If you're using an app hosted on apps.facebook.com use the php api
call instead,
$facebook = new Facebook($appapikey, $appsecret);
$facebook->require_login();
or link to the login page.
Of these methods to login
* Using the PHP client library
* Directing users to login.php
* Including the requirelogin attribute in a link or form
* Using FBML
only the first 2 are available to iframe apps hosted on apps.facebook.com
I think requirelogin and fbml only work with fbml canvas apps.
see
http://wiki.developers.facebook.com/index.php/Authorization_and_Authentication_for_Canvas_Page_Applications_on_Facebook
Question 1: is there anything I can do
to clean this up while still
implementing as an iFrame, and still
using the JavaScript APIs?
Question 2: what am I missing with
getting FB.Connect.requireSession to
properly prompt the user for
authorization?
Please have a look at this. This article discusses correct use of require session and provides links on how to implement that. And yes, you are right, the requireLogin has been deprecated and won't help any more.
Question 3: am I loading the correct
features? Do I need both "Api" and
"Connect"? Am I missing any others?
As far as I know, you can use both API and Connect together, basically you access Facebook's API with the help of JavaScript.
For iframe apps however, there is no great help and minimum support of API with some handful functionality available. See this for more info.
This causes the iframe to redirect
causing the Facebook authorization
screen to load within my app's iFrame.
This looks junky and is somewhat
confusing to the user, e.g. there are
two Facebook bars, etc.
Finally and personally I have not seen any iframe app requiring user to add the app first. This will create the problem of two bars you mentioned as quoted above.
The link I posted at the beginning of my answer has some useful links to get you started and decide the next-steps or possibly making changes to your apps.