I built a site to try out Telescope/meteor and deployed it with Heroku using a custom domain from Godaddy --->
ISSUE: When viewing the site iOS :
Good > responsive mobile version appears via the default Heroku url: unfair.herokuapp.com
Bad > mobile version does not appear via the custom url: www.un-fair.net (desktop 'full site' shows up)
I updated the 'ROOT_URL' in Heroku settings and switched it from the default URL to the custom URL but didn't fix the issue.
Any suggestions ?
Heroku support claims it is not an issue on their end.
It's definitely possible to do, as mine is displaying all right via my Godaddy custom domain.
When setting up my custom domain with my Telescope app on Heroku, I needed to change the DNS settings via Godaddy. You'll need to add (or update if it's already there) a CNAME record where "Host" is "www" so that "Points To" is "unfair.herokuapp.com".
How to find the DNS manager in Godaddy: https://www.godaddy.com/help/access-the-dns-manager-19182
The only reason I can think of is an issue with your redirection. For example, if you're redirecting via an iFrame instead of setting the DNS, the iFrame hosted by GoDaddy might not have the proper meta tags required to enable the responsive version on mobile.
Related
I recently downgraded one of my Heroku apps to a free dyno - as a result, the SSL was revoked (cos I was using the SSL provided with a paid dyno). Now, when I visit my site URL, it gives me this error: ERR_SSL_PROTOCOL_ERROR
I've edited my production.rb file to set: config.force_ssl = false and published that code, but it still redirects my site to https when I try to connect on http.
Now, to complicate things:
This only applies to my custom domain - the .herokuapp.com domain works fine
It works fine on incognito mode on both the custom domain and the herokuapp.com domain
I've tried clearing the cookies and cache (for the last 7 days) and it still didn't work :/
Any ideas what I can do?
Edit:
In case it helps, I am using Chrome on Windows 10
Given that you are using Chrome, according to this answer, you need to follow these steps to stop Chrome from redirecting http:// to https://.
Anon is right about STS, but there is a way to specifically delete your domain from the set. Go to chrome://net-internals/#hsts. Enter 3rdrevolution.com under Delete domain security policies and press the Delete button.
Now go to chrome://settings/clearBrowserData, tick the box Cached images and files and press click the button Clear data.
When I use a service used for online authentication, I get an url to navigate to that will automatically open an app that is used for the passcode input.
The url is in this format:
bankid:///?autostarttoken=2a1b5e2c-c9fb-4402-1239-2a1619d655e9&redirect=null
The navigation to this kind of urls do only make sense on a mobile unit where a certain app is installed.
Nevertheless, desktop browsers (not everyone) also try to navigate to such an url, like it would ever be possible. That of course results in an error page.
Why do they do that?
Do I need to use a hidden form?
Will every mobile unit honor that?
The custom URL scheme is used to be able to start an application locally, in this case the BankID client which handles the 2FA.
This works nicely on both mobile and desktop, as long as the custom url scheme is registered. AFAIK for mobile, if the URL scheme is not registered locally, it will query the appstore and let the user install from there. The BankID is available for both iPhone and Android in the appstore. On Windows it also query the appstore, but the BankID client is not available as Windows App, so it has to be installed manually from https://install.bankid.com. On Mac I have no idea if it queries the app store, but I know it has to be installed manually from https://install.bankid.com
Android, iPhone, Windows Phone, Windows mobile, Windows XP and later, MacOSX all honors the custom URL scheme but it also need to be honored by the browser, which all the major browsers do.
Historically, before mobile, we used to start programs using the NSS plugin support in the browsers. NSS plugin support was removed by the browsers since it was easy to mis-use from a security point of view.
That's why the custom URL schemes are used.
As you can read about in the BankID relying party guidelines, there is a transition to use https://app.bankid.com links to start the client instead. Basically, that's just a custom url scheme similar to bankid:// but registers both protocol (https://) and host (app.bankid.com), which then starts the app. This has the added benefit that if a user who hasn't got the client installed and is not able to find the client via a appstore or similar, will get the web site available, which then can help the user to install the client.
As the idea of an applink is to let the user navigate to the website if the URL is not registered locally, don't hide the navigation.
I'm trying to open an App from a Web Page link, it works like a charm on an HTTPS domain, but when I try on a HTTP (unsecure) domain the universal link isn't working.
Anyone know if I'm missing a configuration?.
Thank you!.
If I am understanding correctly, you have an app for which you are enabling Universal Links. When the associated-domain that you are using for Universal Linking is secured by SSL, everything is working properly. When you attempt to use a link domain that is not secured by SSL, however, it is not working.
Assuming I have understood correctly, the issue you are encountering is most likely Apple's requirement that the AASA file be served securely on your link domain. As per Apple's documentation (here: https://developer.apple.com/library/content/documentation/General/Conceptual/AppSearch/UniversalLinks.html):
After you create the apple-app-site-association file, upload it to the root of your HTTPS web server or to the .well-known subdirectory. The file needs to be accessible via HTTPS—without any redirects—at https:///apple-app-site-association or https:///.well-known/apple-app-site-association. Next, you need to handle universal links in your app.
I am using rails 4.2.2, deploying to production on Heroku and using the free level of Cloudflare for ssl. In my production.rb file I have set
config.force_ssl = true
If I am not signed in as a user, then ssl works and I see the padlock in the browser url bar, and I see it for all unsigned-in pages. However, once I log into the site, the padlock disappears on all signed-in pages. When I am signed in and chose a different signed-in page, the padlock temporarily appears as the page is being loaded but then disappears when the loading is complete. All this happens on both Chrome and Safari. I am not using Devise.
What could be causing this?
If you are using devise, take a look at this:
https://github.com/plataformatec/devise/wiki/How-To:-Use-SSL-(HTTPS)
Thanks to the support team at Cloudflare, I was able to solve this.
The signed in users can use a gravatar, but the gravatar_image_tag was not being used with the secure setting. This meant the image was being transferred using http not https. This could be seen by looking at the developer console, which was displaying an error indicating the page was displaying with mixed http and https. In order to fix this problem, I just used the secure setting for the gravatar_image_tag.
In my case, the page accesses to some in-secure asserts (ex: images in AWS S3). Chrome Developer Console shows that the page is mixed-secured. Change S3 image links from http to https make ssl works.
I cloned the Shopify embeded app example and set my API key and secret and then authorized the app through Shopify. Now that I want to open the app in the admin panel (supposed to render index method of home controller) it shows nothing since the embedded app is trying to get a page with path: wss://argus.shopify.com/820222/register?token=foo&screen_sharing_support=true&user_name=Pooya%20M&guid=bar
This request is pending and does not finish.
What is wrong here and how can I fix this?
I fixed the problem. The problem of showing nothing was because of rendering an HTTP page from an HTTPS one (localhost is without SSL by default) .
Lgs were disabled in my inspector. I enabled error logs in my inspector, and I resolved the errors (one of them was this insecure rendering).
P.S: You can add SSL to localhost or disable the protection of your browser.