I am new to Firebase and thus I am asking this question. Also, I searched something similar to this question, tried them but failed. Thus when writing the reply, it would be great, if someone can add even the significance of the steps.
I have developed a chatbot and code at the following url being loaded when I use the web widget provided by the framework:
http://www.buildquickbots.com/botwidget/v2/demo/static/js/sdk.js
Every time user clicks on the webwidget, the above url gets opened which I doesn't want to happen. Thus I planned to host the code at the above url on to Firebase so that when user clicks on the widget something like myapp.fireabse.com/botwidget/v2/demo/static/js/sdk.js opens up.
How can I do this with nodejs backend?
The sdk.js URL which creates an iframe and appends it your website in a widget. And this domain name is only visible only if you inspect the browser. Check Liva widget: http://www.livafluidfashion.com/
Solution 1:
If you want to see the domain name as myapp.fireabse.com then redirect the incoming traffic from "myapp.fireabse.com/botwidget/*" to "www.buildquickbots.com/botwidget/".
Solution 2:
You can get "firebase.buildquickbots.com" as a domain name also. For that, you have to talk/mail to Gupshup support people.
Related
I follow a forum where people post many links. I've made a script, using javascript and tampermonkey (chrome extension), that first opens all unread thread in new tabs, than it looks for unread posts that have links and opens those links in new tabs.
This script saves me a lot of time and it is working pretty well. Nevertheless, I would like to improve it.
I want to change the title of the page that has been just opened in order for it to show the name of the thread on which the link that sent to this page was. For example:
On the thread "Fruits" there is a link that opens a new tab to a website "www.apple.com". I would like to change the tittle of this page to "Fruits - The name of the page", so I can know from which thread this link comes.
I use localstorage and sessionstorage to send information from one page to another page when my script is navigating inside the forum domain, but I have no idea what I can use to send information across different domains.
Furthermore, I would like to know if there is a way to tell tampermonkey to run the script according to the link that was opened.
I do know how to change the tittle of the page, the problem is taking the name of the thread that is on the forum domain and using it to change the tittle on the new tab that is on a domain different from the forum domain.
Localstorage doesn't allow access on different domain. You need to store that data in database server. The easiest is to sign up a database service, and it provides API you can use. If you're going to host your own, you must write your own scripts that allow CORS to provide the access to database server.
I've seen a fair amount of stuff about retrieving a Facebook user profile or page via fb:// from within a webpage to direct iOS to open the profile or page in the native Facebook app rather than in the browser on iOS devices. However, I see nothing about how to do so for Facebook status updates.
The behavior I am looking for is to provide a link to a Facebook status on a webpage (HTML5) and when the user clicks on it, to have the user be switched over to Facebook's native app and have the status show up in the app. My question is specific to status updates (sometimes called posts), and not pages or user profiles.
If it helps at all, the link is presented in a Sencha application packaged in PhoneGap/Cordova.
Any help would be much appreciated. I haven't seen anything directly on point around the web.
Isn't a status is just a type of post?
if so, you can find the postid of it and then use "fb://post/(postId)"
The solution is that you need to add userid and an "_" before the actual post id for it to work. most of the data you get back via graph or whatever sdk has the post id as just the single id without the users id and an underscore in front of it.
so it would look like:
fb://post/453453454_34857894375345
first set of numbers being the userid(not an actual one) and the second being the post id(also just random numbers i typed).
haven't tested going from web to native, but just tested it in a native app we made that successfully opens the facebook app to that specific post.
In my Google App Engine app I want to pass this user information
user = users.get_current_user()
to the Chrome extension in a url paramenter when the user clicks a button in the app.
How can I do this?
I read about Cross-Origin HMLHttpRequest but that seems about sending info to the app not about receiving.
This is a follow up to my other questions on this subject.
You can't pass information to the background via a URL parameter like this, but you've got a couple of options.
Probably the easiest way to do this would be to have the extension inject a content script in to your app. Since the content script runs in the context your your web app, it has access to the user details and any other information you might want to pass.
Then, via Message Passing (see http://code.google.com/chrome/extensions/messaging.html), you could send a message to the background page with the information that you're trying to send.
This is from a while ago, but just in case someone stumbles upon it as I did today.
Sending the user email as a URL parameter is totally unsafe. Anyone using curl or their browser can make requests pretending to be any random user. If users can alter data with their requests, or if they should not be able to see each others data then you shouldn't follow this approach.
You should use GAE's cookie based user's service instead:
python version
java version
I have a userscript (read: my Javascript on someone else's site) that allows users to share their IMDb votes with their Facebook friends. I just generate a URL for a Facebook share page with all of the custom information needed for the specific situation, something like "So and so gave the film Forrest Gump a rating of 9/10 on IMDb" with links to a thumbnail and the movie page itself, and allow the user to add their their thoughts on the movie itself.
script with Facebook share dialog http://s3.amazonaws.com/uso_ss/10985/large.png?1284850755
Until recently, I accomplished this by passing all of my parameters to http://www.facebook.com/connect/prompt_feed.php. Yesterday this broke, and it appears that Facebook is deprecating this sharing method in favor of using their Dialog code. (All of the official FB docs now refer to prompt_feed.php as the "old" way of sharing.)
I found a temporary workaround here that just adds a display=touch variable to the prompt_feed query string. This URL is working for the time being (go ahead and click it!), but I fear that it's a loophole that Facebook will close as soon as they realize it's still available, and I'll be stuck without a way to post stuff to FB.
The current methods of posting to Facebook seem to be 1) using the Dialog URL mentioned above and 2) via Javascript using FB.ui Both of these methods appear to require a Facebook App ID, and when I registered a new FB app for this purpose and tried to use it to create a http://www.facebook.com/dialog/feed request, I got an error because my app doesn't "own" the IMDb page that it's linking to. Any ideas about how to accomplish my purposes going forward?
to "own" the imdb page you just need to set the canvas url to the imdb domain.
you can simply use this url:
http://www.facebook.com/sharer.php?u=http://www.your-url-to-share.com
Just modify or change the http://www.your-url-to-share.com part in the above URL with url of the webpage or article that you want to share on the facebook feeds.
If you use the sharer.php and want text plus a link add the &t={text} to the url. For example:
http://www.facebook.com/sharer.php?u=http://www.your-url-to-share.com&t=text-to-share
According to the Facebook API documentation, most of the work is handled through javascript.
That means that all the processing is done, and then the front end checks if the user is connected to Facebook/authorized. right?
My question is:
Suppose a user goes to my site for the first time ever.
He clicks on "facebook connect". The javascript verifies him as authentic, and it "redirects" to another page on my server. From then on, how do I know that the user is actually authenticated to my website, since everything is done on frontend?
I think this is correct, but aren't there some security issues..:
-After user clicks Login, Facebook redirects to a page on my site. AND they also create a cookie with a specific "Facebook ID" that is retrieved only from this user. My backened will "read" the cookie and grab that ID...and then associate it to my userID.
If that is correct...then it doesn't make sense. What if people steal other people's "facebook ID" and then forge the cookie? And then my backend sees the cookie and thinks it's the real user...?
Am I confused? If I am confused, please help me re-organize and tell me how it's like.
Facebook Connect uses a clever (or insane, depending on your point of view) hack to achieve cross-site communication between your site and Facebook's authentication system from within the browser.
The way it works is as follows:
Your site includes a very simple static HTML file, known as the cross-domain communications channel. This file is called xd_receiver.htm in the FB docs, but it can be named anything you like.
Your site's login page includes a reference to the Javascript library hosted on Facebook's server.
When a user logs in via the "Connect" button, it calls a function in Facebook's JS API which pops up a login dialog. This login box has an invisible iframe in which the cross-domain communications file is loaded.
The user fills out the form and submits it, posting the form to Facebook.
Facebook checks the login. If it's successful, it communicates this to your site. Here's where that cross-domain stuff comes in:
Because of cross-domain security policies, Facebook's login window can not inspect the DOM tree for documents hosted on your server. But the login window can update the src element of any iframe within it, and this is used to communicate with the cross-domain communications file hosted on your page.
When the cross-domain communications file receives a communication indicating that the login was successful, it uses Javascript to set some cookies containing the user's ID and session. Since this file lives on your server, those cookies have your domain and your backend can receive them.
Any further communication in Facebook's direction can be accomplished by inserting another nested iframe in the other iframe -- this second-level iframe lives on Facebook's server instead of yours.
The cookies are secure (in theory) because the data is signed with the secret key that Facebook generated for you when you signed up for the developer program. The JS library uses your public key (the "API key") to validate the cookies.
Theoretically, Facebook's Javascript library handles this all automatically once you've set everything up. In practice, I've found it doesn't always work exactly smoothly.
For a more detailed explanation of the mechanics of cross-domain communication using iframes, see this article from MSDN.
Please someone correct me if I'm wrong - as I am also trying to figure all this stuff out myself. My understanding with the security of the cookies is that there is also a cookie which is a special signature cookie. This cookie is created by combining the data of the other cookies, adding your application secret that only you and FB know, and the result MD5-Hashed. You can then test this hash server-side, which could not easily be duplicated by a hacker, to make sure the data can be trusted as coming from FB.
A more charming explaination can be found here - scroll about halfway down the page.
Same issues here, and I think Scott is closer to the solution.
Also Im using "http://developers.facebook.com/docs/?u=facebook.jslib-alpha.FB.init" there open source js framework. So things are a little different.
For me, via the opensource js framework, facebook provides and sets a session on my site with a signature. So what I am thinking is to recreate that signature on my side. - if they both match then the user is who he says he is.
So basically if a user wanted to save something to my database, grab the session signature set up by facebook and recreate that signature with php and validate it against the one facebook gave me?
if($_SESSION['facebookSignature'] == reGeneratedSignature){
// save to database
}else{
// go away I don't trust you
}
But how do you regenerate that signature? preferably without making more calls to Facebook?