Using Rails OmniAuth on Facebook, there is a very subtle issue that I need to fix.
My app is on Heroku and its default domain is myapp.herokuapp.com (suppose). I have my personal domain called hello.com, and whenever a user goes to hello.com, he is "forwarded" to myapp.herokuapp.com.
On Facebook dev center, there are App Domains field and Site URL field. I thought I had to put myapp.herokuapp.com into Site URL, and hello.com into App Domains, but it didn't let me.
"hello.com" must be derived from one of: Site URL, Mobile Site URL, Canvas URL, Secure Canvas URL, Page Tab URL or Secure Page Tab URL.
So I just left App domains blank.
Everything seemed to work fine except for one thing. OmniAuth works fine when I go to my website through myapp.herokuapp.com. But when I go through hello.com, there is one little problem. When I'm not logged in Facebook already, it does not redirect me to the Facebook Log in page. So when I click on the login button, it loads for a few seconds but nothing happens (because it's supposed to redirect me to the facebook website to log in there first but it just doesn't) However, when I'm already logged in Facebook, it works fine.
I'm not sure what the problem is. My guesses:
I'm setting App Domains & Site URL wrong.
I did not set DNS yet. Heroku tells me I have to set the DNS to point to my domain, but I'm not sure what that means as I've never dealt with this. Right now, my personal domain, hello.com is simply forwarding to myapp.herokuapp.com. Is this what's causing the problem?
Thank you for your help!
The problem was that I didn't set DNS, but just forwarded my herokuapp url to my custom domain. Instead of "forwarding," you should set your DNS if you are having a similar problem.
Related
I have a Rails 5 app that uses Devise for managing users and hosted on Heroku.
My site is called www.example.com but I allow my users to set up custom domains so it could be www.andyexample.com as well.
I can successfully login to www.example.com. However, when I login to www.example.com and then navigate to www.andyexample.com I'm not logged in anymore even though it's the same application.
Is there a way to keep me logged in even when I change between domains?
My understanding was that Devise uses cookies but since a cookie is stored in the browser, why does it not keep me logged in?
Not a duplicate to the suggested post since it's outdated and has 1 reply that introduces a fairly complex solution to something that should be easier to achieve.
Cheers,
I have a rails app hosted on Heroku which uses a custom domain and no SSL, but on the checkout page I want to use the Heroku URL instead which already has SSL configured.
So for example, a user is on http://www.example.com and is logged in already and then clicks the checkout link which goes to https://example.herokuapp.com/checkout.
The issue is that once the user visits the 2nd URL they get redirected as the app thinks they are no longer logged in. Is there a way to keep the user logged in when switching between these pages?
You cannot do that with the herokuapp.com subdomain.
That domain is listed by browsers in their public suffix list: https://devcenter.heroku.com/articles/cookies-and-herokuapp-com
That means you cannot use a cookie which will set *.herokuapp.com, even less *.com.
The only you can do this is by using your custom domain, or the herokuapp.com subdomain all the time.
If the reason you're not using SSL on your custom domain is the price, you could be interested by CloudFlare's SSL offering and proxy requests to your app through them: https://www.cloudflare.com/ssl
I want to set up the facebook login for my website locally but it gives the warning:
One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
In the facebook app settings, I set as follows:
App Domains:mysite.com
Website with Facebook Login:http://mysite.com
Is that OK if I want to work locally? And what else should I do to avoid the warning? And I am quite confused with how the facebook_login works. I am new to this area, thanks for your help.
Let's say you are doing local development and your app hosted locally with url:
http://localhost:53750/
Go to your settings on Facebook: Apps-> YOUR_APP_NAME -> Settings -> Add Platform
Select WebSite and enter your url and save changes After that you should have something like:
Done. Try to login from your web app.
My Ruby on Rails app has a subdomain URL for each user's public page. Eg. username.xyz.com
I want to publish this URL on the user's Facebook Page from Rails.
So far, I have created a Facebook App and set it's Page Tab and URL.
I'm using the fbgraph gem to set this app on the facebook page. (This page will be created by the user and will have admin access of this page.)
I used this code:
user = FbGraph::User.me("USER_TOKEN")
account = user.accounts.select {|account| account if account.name == "PageName"}.first
page = FbGraph::Page.new(account.identifier).fetch(:access_token =>"Access_token",:fields => :access_token)
tab = page.tab!(:app_id => "APP_ID_I_CREATED")
Using this code, every user's page points to the URL defined in the APP's Page Tab URL.
I want every user's page to point to their own subdomain URL (eg: user1.xyz.com)
What do I need to do to achieve this?
The subdomain is not handled by the web server, it's handled by DNS. So first you need to get DNS to route everyuser.xyz.com to the IP address where your web server is.
The way DNS works, you will likely have to have a DNS entry for every user. You might be able to find an API to add DNS subdomains when you create a user.
Don't ask me about how to do this, because I don't know, and am uninterested in researching it.
You also have to get the web application to accept the request, and #lightyrs has a good description on how to do that.
You can do the following:
Edit: Make all of these user.mywebsite.com subdomains resolve to the same URL. At that URL:
Create a catch-all route that will handle all traffic originating from *.facebook.com.
Point that route to a controller action that decodes params[:signed_request].
The decoded signed request will yield the facebook id of the page that is responsible for the request.
Fetch the user in your system that is an admin of the page in question.
Fetch the user's subdomain.
Redirect to the subdomain.
Currently, this is the most common way of solving this problem, however, I'd like to see a solution from facebook in the future that allows us to have some kind of dynamic tab URL based on the page, user, and referral context.
I am making a Rails site that lets people sign in, only using Omniauth authentication with Facebook. No passwords are entered into my site. Is it still beneficial to have SSL on my site? Or does the Facebook authentication route pretty much take care of that? I know SSL is required for Facebook apps/sites that appear in FB, and that is NOT my case.
I know it will work, just like I can have a login screen with email/password without SSL. It will work, but it's not exactly secure. I'm looking for a recommendation... if I don't have SSL on my site, what info is passed that would not be secure? And is that info worth having my own SSL certificate to hide it from anyone watching?
Partial answer: It will work fine without SSL even if your app user has secure browsing enabled.
its an ipage, when browsed via HTTPS it displays an error