I'm trying to do some initial testing in my local environment with box.com api. I've registered the api key and I'd like to put a localhost url in redirect uri form field but it seems like it only allows https (which I don't have in localhost). Message returned:
OAuth2 redirect URL must specify a valid URL and must not be http://
The requirement for the https is a good thing. While you are still in dev it would still be an active auth token transmitted in plain text if sent to http:// which someone could grab and use to mess with your box.net account.
You are going to need to generate a self signed certificate and install that locally to allow for this to work.
How can I create a self-signed cert for localhost?
Another option to further enhance this would be to actually buy the SSL that you are going to need for this project when it goes live and use a local dns redirect via your hosts file to load the domain off your local dev machine as opposed to the live server.
Box has updated itself to allow localhost to be http://. For other URIs, you need https://
Related
I'm pretty newbie in https and my project is MVC web application and i've created a self-signed certificate in IIS and set the website's binding to use that certificate and ssl settings to 'require SSL' and I can browse the website over https (although it's not verified and has red x on it).
The part that I don't understand is when I send a request to server (post request), I can still check the network console and see what was the parameter passed.
I can still check the network console
I assume that you mean the information about the send and received data within the browser with "network console". Since the browser is creating and encrypting the data the browser has access to the clear text before encryption and after decryption and thus can show these information.
I need the following information for my app to work:
1) Client ID
2) Redirect URL
Setting up the app and creating an ID + secret code was easy. But I have no idea what to put as my redirect URL. I used localhost as my URL and I was able to sign into my google account but after I signed in I received Error: redirect_uri_mismatch
Screenshot
What can I do? How do I even create a redirect URL?
In the Developer Console credentials page (the one in your screenshot), add your redirect URI to the "Authorized redirect URIs" text field.
Ensure you're supplying the correct port and correct route your server is listening on too.
For example, in the Google API Console, the working redirect URI for me is
Your port and route all depend on your server setup (ie. look in your index.js if you're using Node). This working sample with port 5000 is from the example server code in the YouTube API NPM module readme.
Here is my cenario:
I have an Rails app on Heroku and i'm forcing it to use HTTPS (Using this tutorial: http://simonecarletti.com/blog/2011/05/configuring-rails-3-https-ssl/) .
I created a POST form, and its the action is "/my-action"
How do i know if my data is really been transmitted using SSL ? I mean, the form action shouldn't "https://mywebsite.herokuapp.com/my-action" ?
Some considerations:
* I'm using the free heroku SSL (https://myapp.herokuaapp.com )
* This app is not using the heroku SSL endpoint addon
Thanks
if you have valid ssl certificate and encryption key, then you only your data is accepted via ssl. Simply redirecting your website to use https protocol doesn't encrypt your data flow. And, this is what you were doing it. Right now, you are using heroku which does provide free SSL service if you use its domain.
So, if your website can be accessible via https://myapp.herokuapp.com and browser isn't giving any warning..then you are using SSL service.
This isn't applied if for custom domains. Your custom domain will still be accessible with https://www.example.com but it it SSL enabled.
I have a WebAPI solution hosted in an Azure Web Site (appnameapi.azurewebsites.net) that has some endpoints exposed to regular http right now.
I also have a client application hosted in a separate Web Site under appname.azurewebsites.net.
I purchased appname.com from hover and am forwarding appname.com to appname.azurewebsites.net with masking. The client application makes requests to appnameapi.azurewebsites.net right now, but not encrypted.
My goal is to get SSL working on the web client so that users see SSL in the browser bar, and so that anything that goes from the client to the api endpoints is encrypted.
I went to rapidSSL and purchased a certificate for appname.com. Now I'm not sure if I need to put this in my WebAPI web site, or my client web site. I've found some documentation on setting up SSL in Azure but nothing that's given me a good grasp of what needs to be done in this scenario.
What's the next step? Do I need one cert per site, and if not, where does the single cert go?
You client web site is appname.azurewebsites.net. You have appname.com mapped to this. Your SSL certificate is for this domain. So, you will need to put the certificate with the client app. As an end user, if I go to appname.com, the certificate your application will present to my browser will be the one you purchased for appname.com. This is for the pages rendered by the client web application.
Now, as the browser renders the page from the client web application, say it needs to make jQuery AJAX calls to your web API site appnameapi.azurewebsites.net. You can use a domain name for this one as well, some thing like api.appname.com but regardless, this will be a cross-origin call, BTW. If this call is also through HTTPS, then for this case also, a valid cert must be presented to the browser. Assuming you have api.appname.com which is a sub-domain of appname.com, you can use the same certificate you bought from rapidSSL with web API site as well provided it is a wild-card cert, which is obviously more expensive. Otherwise, you will need one more certificate for the web api site (or the domain name if you plan to use one for API) and install that new cert in the api app.
I am using a SSL cert for www.mydomain.com from GoDaddy on Heroku. How can I redirect from the root url, https: //mydomain.com to https: //www.mydomain.com from within rails so my cert will work? I have been able to redirect all other combination with custom middleware, so that SSL is always serverd, but can't figure out how to do this without the browser detecting the lack of a cert for https://mydomain.com/. Is there something like a rack env[HOST] that I can rewrite? Thanks in advance....
The browser compares the cert to the domain name way before Rails even gets a chance to touch it - in fact, it's the very first part of the negotiation with the server, so you can't even use Apache Rewrite to change it.
What you should do is add mydomain.com to your cert. They're called "unified communications" certificate, although GoDaddy just calls them a Multiple Domain cert. http://help.godaddy.com/article/3908