Yammer JS SDK — problems with CORS - javascript

It seems like something has changed on the Yammer side, because my app (not yet published to the Yammer Global App Directory) has stopped working, resulting in an obscure CORS error, that doesn't tell a thing about the problem.
So the workflow is very simple —
I'm ensuring that user is logged in by calling getLoginStatus() (which pops-up a window and immediately closes it. Irritating, but can live with that)
Sending a request to messages/in_group/ID.json wrapped in a yam.platform.request, as suggested by the Yammer JS SDK manual
Here's the console screenshot:
In the Yammer App settings there's a single Javascript Origin, which is https://buzztale.com, which is exactly the one, the request is made from.
This happened before, but then disappeared itself (really confusing). And now it seems to be back…
Hope somebody has any suggestions regarding this issue. In order to get to the app, here's the URL — https://buzztale.com/yammer.

Same here my dev app started failing sometime today.
It seems that all of the login end points are working as expected however the messages feed is giving me CORS errors.
yam.platform.request({
url: "https://api.yammer.com/api/v1/messages/my_feed.json",
method: "GET",
success: function (user) { //print message response information to the console
console.log("The request was successful." + user.messages);
},
error: function (user) {
console.log("There was an error with the request.");
}
});

Yeah, I'm seeing this on our end too. Seems to be just the GET requests with the messages api endpoint. Like POST / DELETE and Message POST seem to work correctly.
This issue appeared to me around 4PM PST yesterday (7/22/14).

This was a known issue with a recent change on our side, and we have
pushed a fix to production today. Please let me know if it still isn't
working for you. — Nick
So it is an issue on the Yammer side and we can just hope for it not to appear again.

I am seeing this with the notifications endpoint as well. I noticed that the CLIENT_ID is not being appended to the call
https://api.yammer.com/api/v1/streams/notifications.json?&_=xxxxxxxxxx

Related

Google Firebase httpsCallable raising net::ERR_NAME_NOT_RESOLVED

I am running into net::ERR_NAME_NOT_RESOLVED when calling the API of my firebase project. I have tried using multiple devices, two internet connections, a VPN, Linux, macOS, Windows 11 to rule out any errors caused by my devices. When navigating to the API link on my browser it does not timeout, and I am provided with a response. The issue seems to be when using the httpsCallable function provided by Firebase. No logs of the function being called are present on firebase outside of navigating to it in a browser.
Here is my code:
const functions = firebase.functions
console.log(functions)
const loginWithCode = httpsCallable(functions, 'loginWithCode')
loginWithCode(loginPayload)
.then((result) => {
console.log(result)
})
.catch((error) => {
console.log("ERROR CAUGHT HERE")
console.log(error)
});
The output from my browser console:
service.ts:206 POST https://us-central1-%22crowd-pleaser-75fd7%22%2C.cloudfunctions.net/loginWithCode net::ERR_NAME_NOT_RESOLVED
App.tsx:79 ERROR CAUGHT HERE
App.tsx:80 FirebaseError: internal
The result from directly inputting the link on the firebase web interface:
{"error":{"message":"Bad Request","status":"INVALID_ARGUMENT"}}
Is there something I am missing that is creating this issue? I have scoured the internet, and StackOverflow looking for an answer, and all solutions provided have not worked. The method implemented is exactly how it is done on the Firebase docs here
Edit: It seems like the link to which my post request is being sent is formatted oddly. Maybe this could be the issue? I can't figure out why it's formatted this way though.
I found a solution to the problem. My speculation in my edit was correct, the URL to which the post request was being sent by httpsCallable was formatted incorrectly. I am unsure as to why it was being formatted this way, however, the quick solution is to set the customDomain class attribute of the object returned by getFunctions to the correct domain. In my case this was done by doing:
functions.customDomain = functions.customDomain = 'https://us-central1-crowd-pleaser-75fd7.cloudfunctions.net'
The variable 'functions' in the code above is the class attribute returned from the method getFunctions provided by Firebase
The Thing
While I'm not an expert on Firebase the problem is that you're making a wrong HTTP request with loginWithCode(loginPayload), there is nothing wrong with your code that I can see at least.
By the way, you're using:
const loginWithCode = httpsCallable(functions, 'loginWithCode')
rather than a simple const loginWithCode = httpsCallable('addMessage')
as described here: Google FireBase Docs
And then, making a loginWithCode({ text: messageText })
Also, as you can see here: Google Firebase Docs:firebase.functions.HttpsCallable
You will be able to pass any type of data to the HttpsCallable function, so we end at the start point: you're making a wrong HTTP request.
As described in the HTTP answer the error is: net::ERR_NAME_NOT_RESOLVED this happens when a DNS request cannot be resolved, then a domain doesn't exists so this all leads to the thing that there is no way to send the HTTP request since there is not a route in the internet that was found to send it.
The Problem:
While decoding the url that you're making the HTTP request
service.ts:206 POST https://us-central1-%22crowd-pleaser-75fd7%22%2C.cloudfunctions.net/loginWithCode net::ERR_NAME_NOT_RESOLVED
App.tsx:79 ERROR CAUGHT HERE
App.tsx:80 FirebaseError: internal
You will find that you're sending the HTTP request to:
https://us-central1-"crowd-pleaser-75fd7",.cloudfunctions.net/loginWithCode
As you can see, you will find that when making the HTTP request it will be a problem: since you cannot put "crowd-pleaser-75fd7", in the URL to make the HTTP request. That is generating the error net::ERR_NAME_NOT_RESOLVED
I'm not sure what exactly are you trying to do, but I think that the correct URL to the HTTP request should be:
https://us-central1-crowd-pleaser-75fd7.cloudfunctions.net/loginWithCode
With this URL the HTTP request must pass, at least. And I suggest then check the loginPayload in order to fix this.

facebook graph api node.js invalid appsecret_proof

this is my first post so please go easy on me!
I am a beginning developer working with javascript and node.js. I am trying to make a basic request from a node js file to facebook's graph API. I have signed up for their developer service using my facebook account, and I have installed the node package for FB found here (https://www.npmjs.com/package/fb). It looks official enough.
Everything seems to be working, except I am getting a response to my GET request with a message saying my appsecret_proof is invalid.
Here is the code I am using (be advised the sensitive info is just keyboard mashing).
let https = require("https");
var FB = require('fb');
FB.options({
version: 'v2.11',
appId: 484592542348233,
appSecret: '389fa3ha3fukzf83a3r8a3f3aa3a3'
});
FB.setAccessToken('f8af89a3f98a3f89a3f87af8afnafmdasfasedfaskjefzev8zv9z390fz39fznabacbkcbalanaa3fla398fa3lfa3flka3flina3fk3anflka3fnalifn3laifnka3fnaelfafi3eifafnaifla3nfia3nfa3ifla');
console.log(FB.options());
FB.api('/me',
'GET',
{
"fields": "id,name"
},
function (res) {
if(!res || res.error) {
console.log(!res ? 'error occurred' : res.error);
return;
}
console.log(res);
console.log(res.id);
console.log(res.name);
}
);
The error I am getting reads:
{ message: 'Invalid appsecret_proof provided in the API argument',
type: 'GraphMethodException',
code: 100,
fbtrace_id: 'H3pDC0OPZdK' }
I have reset my appSecret and accessToken on the developer page and tried them immediately after resetting them. I get the same error, so I don't think that stale credentials are the issue. My
console.log(FB.options())
returns an appropriate looking object that also contains a long hash for appSecretProof as expected. I have also tried this code with a number of version numbers in the options (v2.4, v2.5, v2.11, and without any version key). Facebook's documentation on this strikes me as somewhat unclear. I think I should be using v2.5 of the SDK (which the node package is meant to mimic) and making requests to v2.11 of the graph API, but ??? In any case, that wouldn't seem to explain the issue I'm having. I get a perfectly good response that says my appSecretProof is invalid when I don't specify any version number at all.
The node package for fb should be generating this appSecretProof for me, and it looks like it is doing that. My other info and syntax all seem correct according to the package documentation. What am I missing here? Thank you all so much in advance.
looks like you have required the appsecret_proof for 2 factor authorization in the advance setting in your app.
Access tokens are portable. It's possible to take an access token generated on a client by Facebook's SDK, send it to a server and then make calls from that server on behalf of the client. An access token can also be stolen by malicious software on a person's computer or a man in the middle attack. Then that access token can be used from an entirely different system that's not the client and not your server, generating spam or stealing data.
You can prevent this by adding the appsecret_proof parameter to every API call from a server and enabling the setting to require proof on all calls. This prevents bad guys from making API calls with your access tokens from their servers. If you're using the official PHP SDK, the appsecret_proof parameter is automatically added.
Please refer the below url to generate the valid appsecret_proof,and add it to each api call
https://developers.facebook.com/docs/graph-api/securing-requests
I had to deal with the same issue while working with passport-facebook-token,
I finally released that the problem had nothing to have with the logic of my codebase or the app configuration.
I had this error just because I was adding intentionally an authorization Header to the request. so if you are using postman or some other http client just make sure that the request does not contain any authorization Header.

Android HTTP GET cookie / javascript issue?

I wrote an Android app that should 'connect' to a (private) forum using HTTP GET (and sometimes POST) requests. The basic idea is as such:
Login page where users submit their credentials. Login is performed by doing a HTTP POST (tried GET too, same result) to the Login page of the forum, with their username and password as the parameters. The request should return some cookies that I store in a BasicCookieStore.
Every page of the forum they want to visit is retrieved using HTTP GET. I parse the HTML source that I obtain and show them only the relevant info. In order to authenticate the users, the same BasicCookieStore that I used for login (step 1) is set as the cookiestore for the HttpClient.
This method has been working all the time during my testing, and has worked for my beta testers too. Now that I released the app, it became apparent that many users were having issues, especially on mobile connections (Wifi seems to be no problem).
By logging the HTML source that was returned in all the HTTP GET requests, I have a strong suspicion that the actual login works fine, but somehow the cookies don't get returned or stored or something in that direction. The problem is that the HTML source of the first page they will receive should be the list of forums. In the case of users with problems however, they get served a page that basically reads "You must enable Javascript to view this page".
The strange thing is, I don't receive that page when testing, nor do many of my users. Even worse: some users are now reporting it worked fine for them for days or weeks, and has now stopped working. Others have the exact opposite: not working for days, suddenly working now. One user has reported he was in Greece for 2 weeks, where it worked flawlessly, then he got back to Germany, and it stopped working again.
There seems to be a random component at play here.
I have tried various things, mostly with the way I do the HTTP GET requests. I started out using the normal DefaultHttpClient, with various settings, such as this:
HttpClient httpClient = new DefaultHttpClient();
// Define parameters
HttpParams httpParams = httpClient.getParams();
HttpConnectionParams.setConnectionTimeout(httpParams, TIMEOUT);
HttpConnectionParams.setSoTimeout(httpParams, TIMEOUT);
HttpProtocolParams.setVersion(httpParams, HttpVersion.HTTP_1_1);
// Set cookiestore (getCookieStore returns the same cookiestore)
HttpContext localContext = new BasicHttpContext();
localContext.setAttribute(ClientContext.COOKIE_STORE, getCookieStore());
HttpGet http = new HttpGet(url);
http.addHeader("Accept", ACCEPT_STRING);
http.addHeader("Content-Type", "application/x-www-form-urlencoded; charset=utf-8");
// Execute
HttpResponse response = httpClient.execute(http, localContext);
//... Process result (omitted)
Now I have switched to using AndroidHttpClient instead, with the rest of the code basically unchanged, and seem to get the same result.
I have also tried using the AsyncHttpClient library, which works quite differently, but once again the same result. I tried using its PersistentCookieStore as well, and you guessed it - same result.
I am clueless at this point. Am I looking in the wrong direction? The fact that a website would respond with "you need to enable Javascript" for some users but not for all seems to indicate an issue with cookies. I don't know how a website determines if javascript is enabled, but surely with a HTTP GET request there is no javascript at play. So why do I (and many other users) get to the page without any problems, while others get the 'no javascript' message? The only reason I can think of is cookies, but I have no clue what the problem exactly is.
Any help would be much appreciated!
I doubt the problem is cookies. More likely is a network configuration problem.
For example, your user might have connected to a wifi hotspot with a captive portal page (which uses javascript to make you sign in before you can use the hotspot). In this case they should first open the browser, try to browse to (e.g.) http://google.com, get redirected, sign in, and then launch your app.
Or, your user might be connecting through a proxy. Many mobile carriers around the world will proxy their users' HTTP connections, sometimes doing horrible things to the content. Switching to HTTPS might help with that.

Salesforce: URL Rewriter & JScript Remoting: Exception parsing json response: 'Unexpected token <'. Logged in?

I am getting an error when I use JavaScript remoting and have my URLReWriter turned on on my Force.com SIte. The error does not occur when using JavaScript Remoting with the URL ReWriter turned off.
The error is as follows
Exception Error parsing json response: 'Unexpected token <'. Logged in?
I'm confused as to why this is occuring. If I have no checks for being logged in in my URL ReWriter (or visualforce page) why should this occur?
Has anyone ever come across something similar to this before? I noted the following https://salesforce.stackexchange.com/questions/4112/possible-oauth-remote-action-bug but in my case I am not using authentication on my site for the test page that I created & I'm wondering why it mentions "login".
Is it possible that URLRewriters and JavaScript Remoting currently do not work together in general?
Thanks in advance for any help on this.
Can you try debugging it server side? Add "your_site_name Guest User" to the debug logs and try the action. If you're lucky you'll see something going wrong (in the remote action? in rewriter?) and I suspect this uncaught problem causes a redirect to maintenance page (which will be HTML, not JSON)...
If not - use Firebug or similar tool to inspect request & response in detail? Or event.status?
Can it be something related to permissions? http://www.salesforce.com/us/developer/docs/pages/Content/pages_js_remoting.htm Or if you're returning html - I think you should have {escape:true}?
Does it happen in any browser? Maybe something doesn't like redirects caused by the URL rewriter. I've seen cases (not with Salesforce though) that antivirus software sometimes was adding some strange javascript at the end of certain websites and they had to be whitelisted...
The error may also happen due to parser error when page recieves status message from remote action function.
For example i tried Remote Action with attachment
#RemoteAction
public attachment attach(String body){
attachment a=new attachment();
a.body=body;
a.name='a.png'
insert a;
return a;
}
On the above code i receive error since SFDC does not parse the attachment object.SO if there are parser errors we get this message .
As a workaround i send as a wrapper .Hence i would suggest to investigate the return parameter of remote action and also wrapping it as workaround .
Hope this helps

Facebook Credits Demo Application returning error

We are participating in the Facebook Credits beta. After approval of our live app, we followed the steps from the API page to set up the demo application:
http://developers.facebook.com/docs/creditsapi
However, whenever we submit with the "Pay with Facebook" button, we are getting back error 1383008 ("The application you are using is not responding").
We've checked the server logs and confirmed that all necessary params are passing to http://apps.facebook.com/ajax/flows/?__a=1 as expected. We've also confirmed that the callback URL (callback.php from the demo app files) is never being hit.
Just to be certain this isn't a compatibility issue with the new JavaScript SDK, we set up the demo using the old JS SDK and got the same error.
Has anyone else experienced this issue with running the demo application (using either version of the SDK)? If we can't get the demo to run, we can't implement this feature in our live app.
Here is the request sent to the server (app ID removed):
deadbeef=2386512837&app_id=OUR_APP_ID&api_key&receiver=0&order_info=%7B%22title%22%3A%22BFF%20Locket%22%2C%22description%22%3A%22This%20is%20a%20BFF%20Locket...%22%2C%22price%22%3A%2210%22%2C%22image_url%22%3A%22http%3A%2F%2Fwww.facebook.com%2Fimages%2Fgifts%2F21.png%22%2C%22product_url%22%3A%22http%3A%2F%2Fwww.facebook.com%2Fimages%2Fgifts%2F21.png%22%7D&place=app&credits_purchase=false&flow_type=BuyItem&__d=1&post_form_id=57484628313c8345bd4e904f684e43e5&fb_dtsg=1GSvy&lsd&post_form_id_source=AsyncRequest
Here is the response returned:
for (;;);{"error":0,"errorSummary":"","errorDescription":"","errorIsWarning":false,"silentError":0,"payload":{"secure":false,"handler":"","title":"Application Error","userData":{"fbpayments_error":"{\"error_code\":1383008,\"error_message\":{}}"},"body":"<div class=\"pam uiBoxRed\">The application you are using is not responding.<\/div>","buttonsMessage":null,"buttons":"ok"}}
We have updated the Facebook Credits API sample application and documentation. If you are still having issues, please post your frontend code as well as your callback and we can take a look.
I was also having the same issue.. I was able to fix this. This error occurred for me was due the wrong call back url. I used my local_url
'http://localhost:3000/blabla'
instead of using
http://apps.facebook.com/application-name/

Categories