I used plone 4.3 my site name is localhost:8080/alpster. I created sample page with facebook login.now when i click login button I got error like
Given URL is not allowed by the Application configuration.: One or more of the given URLs is not allowed by the App's settings. It must match the Website URL or Canvas URL, or the domain must be a subdomain of one of the App's domains.
my configure settings :
developer.facebook.com--->>>settings----> basic
namespace="alpster-login"
App Domains=alpster
Contact Email=my valid email
Site URL=localhost.com:8080
any one can solve my problem
Might not be able to use localhost, but I can't remember specifically.
If you are using localhost, you can't use .com in the appdomain. If doesnt let you do otherwise, then that means you must use an actual domain, not localhost. Use something like http://localtunnel.me/ to get around this.
Otherwise, just need to make sure the canvas & web urls match each other.
Related
I am using React and I am getting the document referrer using
document.referrer
However when I am directed to my url from google.com, I am just getting the domain in document.referrer instead of something like this: https://www.google.com/search?q=fb&rlz=1C1CHBF_enIN850IN850&oq=fb&aqs=chrome.0.69i59j46i199i291i433j0i131i433l2j0i395j69i60l3.1007j1j9&sourceid=chrome&ie=UTF-8.
Is there someway I can get the entire URL including pathname and query string? Thanks in advance.
Websites can set a Referrer-Policy. If they don't then, as of version 85, Chrome defaults to strict-origin-when-cross-origin. (Other browsers will have their own defaults, but Chrome's marketshare makes it worth highlighting)
This means that the referrer information will include only the origin and not the full URL.
This is a feature designed to protect the user's privacy.
There is no way around it unless you control the site that controls the link (in your example: www.google.com).
I was setting up an API key for a site with the swedish charachter ä in the domain name (http://sälja.io) but it did not initialize the recaptcha.
Then trying an api key for the equivalent url http://xn--slja-loa.io which worked when reaching the site from http://xn--slja-loa.io but not http://sälja.io.
Then I found the secure token which should work on all domains. It initialized the recaptchas on all domains and was also working on all tested domains, except the one with ä in it.
https://developers.google.com/recaptcha/docs/secure_token
Is there any way to get it working also with ä in the domain name ?
Edit
Since an api-key for http://xn--slja-loa.io is working from android when accessing the site from http://sälja.io, it might be how the browser interprets the domain. Eg. firefox interprets http://sälja.io as domain http://sälja.io and cannot get a response from google servers that will not allow ä in domain names. Android inteprets http://sälja.io as http://xn--slja-loa.io and will get a response since it's not containing ä. Any thoughts about this ? Is there any way to force the browser to interpret http://sälja.io as http://xn--slja-loa.io ?
Edit2
Code examples can be reached on sälja.io/test, 178.62.187.163/test and xn--slja-loa.io/test
Edit3
As of today (25.11.2015) it seems not to be possible to use recaptcha with a special charachter like ä in the domain name. Since aishwat singh have been helping the most to coming to this conclusion within the time for the bounty he will be rewarded, however an answer will be accepted when a solution can be provided for this problem.
I tried it just now and I am able to generate key for example-ä.se 6Ld8VRETAAAAALRXFNxmjEeVzbg2y5vdWv7THwJz
will post a complete working example shortly
EDIT 1
Here's git repo for code and same running on heroku
Ok it's not a complete fix because i used herokuapp.com as domain so example-ä.herokuapp.com becomes a sub domain and works
(however when earlier i tried it created a key for example-ä.se too but on loading page at captcha it gives invalid domain, figured out that was original issue, i thought you were not able to generate key for this domain)
Will try for a complete fix
EDIT 2
Btw you can specify your domain ip too, check this discussion
For me heroku free account doesn't provides ip of domain so it's difficult for me to test it
Also i was reading this thread
Figured out if i specify domains list as just com it accepts. In your case, just specify se as domains and it should work , google doesn't checks out exact url it just checks domain
Hope it helps, Will look into stoken approach too
you can read this post:
http://webdesign.tutsplus.com/tutorials/how-to-integrate-no-captcha-recaptcha-in-your-website--cms-23024
.....................
This applies both to Android and iOS. My web page may be sometimes opened by an app (you go to the app, and click a link there which opens the page).
I want to know if the page was accessed through an app or if the user got to it, let's say, by typing the address on the browser.
If accessed through an app, I don't need to know which app it was.
The only thing I know of is document.referrer, but it seems to return "" when the page has been opened by the app. Unfortunately using "" as an indicator is not possible, as other ways of getting to the page may also show "" (for example typing the address). The history object does not seem to contain the info I'm looking for either.
I am using a Zendesk Help Center, so I only have access to the javascript of the page in order to detect this. I can't make changes on the server-side of my page.
Alternatively, I may be able to talk to the people in charge of the app so that they include something when the app opens the browser which would allow me to access that info on the browser, but I am not sure what that could be. Any ideas?
Thank you!
It seems to me like your best bet would be to have specific links for your site that will let you know that the link came from the app.
Like so: http://www.yoursite.com/?openedFromApp
You will use those links inside the app that will be directing users to your website.
That way, if you were using PHP as your server-side language you'd be able to check if the openedFromApp URL parameter was set like so:
<?php
if(isset($_GET['openedFromApp'])) {
echo "The website was opened by an app";
}
else { echo "The website was opened normally"; }
?>
If you want to check if the openedFromApp URL parameter is set using Javascript you'd have to create your own function for accessing URL parameters as Javascript does not have a built-in way of accessing them.
But this link could help you access the URL parameters with Javascript: https://stackoverflow.com/questions/...
Brief Idea: I am building script for protecting my webdesign work by locking them on Single domain. If website is uploaded on different domain, It will redirect to my website. Means it won't allow to load actual website from different domain except I specify them.
My Working Script:
-- DECODED SCRIPT --
[]['constructor']['constructor'](self['unescape']('if(~location.protocol.indexOf('http:')&&~location.host.indexOf('isupportu.in')){}else(location.href='http://iamwebdeveloper.in')'))()
Here on above code, I am allowing my work to load on "www.abc.com" with http protocol only.
However it won't work if we load website without www i.e. "abc.com".
www.abc.com --> Website load
abc.com --> www.iamwebdeveloper.in
xyz.com --> www.iamwebdeveloper.in
www.xyz.com --> www.iamwebdeveloper.in
I decided to use .htaccess / web.config file to force redirect domain without www. request to www.abc.com [which is working very well]
But now I want to upgrade this script and I need your help:
Don't want dependency on .htaccess / web.config file for redirecting non www. request.
www. and non www request should accept, but no subdomain allow. For e.g. subdomain.abc.com is not allowed.
I want to add multiple domains in script for big clients who has multiple domain for their single website as Addon domain. I want to add more domain in above script.
Can someone help me to validate this script for my above logic ?
[]["constructor"]["constructor"]
(
self["unescape"]
("<!-- I WILL USE THIS CODE AFTER CONVERTING TO ESCAPE TEXT AND IGNORE THIS COMMENT -->
if (location.protocol.indexOf("http:") && ( (location.host.indexOf("isupportu.in")) || (location.host.indexOf("paytronicindia.com")) || (location.host.indexOf("paytronicworldwide.com")) || (location.host.indexOf("paytronicnetwork.com")) )
){}else(location.href='http://iamwebdeveloper.in')
")
)
()
It looks like your real question is something like "How can I check in JavaScript whether the hostname of the current page is one of a specific list of domains, with or without a www. prefix?"
There are many ways to do that, but one fairly simple one would be to match a regexp against location.hostname:
var re = /^(www\.)?((site1|site2|site3)\.in|(site4|site5)\.com)$/;
if ( !re.test( location.hostname ) ) {
location.href = 'http://yourwebsite.in';
}
Obfuscating that is left as an exercise.
I found an nice script while searching and inspecting the elements of some websites.
This is what I have found:
<script type="text/javascript">
//redirect browser to fullscreen preview
if (/^http:\/\/codecanyon\.net/.test(document.referrer))
window.top.location.href = 'http://www.gravitysign.com/backslider/';
</script>
So if I understood from this script it tells jquery if the website is opened over codecanyon redirect them to specifed website for preview.
Now... I was wondering if there is possibility to make something like this.
If we specify an website for example http://google.com and we input that into javascript... And then if that website is uploaded to any other domain, other then google.com ... It will redirect to specified site (google) ?
So to clear things out a little bit let me make an example.
If I made a website for "an-website.com" and then someone take their website and upload it to "another-website.com", it will automatically redirect all visitors from another-website.com to an-website.com.
Hope I was clear enough and hope that this is possible. Cheers!
You can of course redirect any user accessing your site from a domain not matching yours but using javascript. This should work just fine:
if (window.location.hostname !== 'yourdomain.com'){
window.top.location.href = 'http://yourdomain.com';
}
You can also use match, if you host your site on a subdomain, etc.
Keep in mind that any person with write access to the file on the server will be able to remove this "copy protection". Copy protecting client side content is impossible, as you need to serve the content in a way a browser understands, effectively making the content available to anyone.
If you are looking for solution for single domain protection, here you can see my
Redirect Website if its not specified domain in script - Protection using Javascript
I am looking for solution for multiple domain.