Facebook Javascript - URL not allowed - javascript

can someone tell me why I am getting this Error:
One or more of the given URLs is not allowed by the App's settings. It
must match the Website URL or Canvas URL, or the domain must be a
subdomain of one of the App's domains.
At my facebook app I tried some URLs like "example.com", since I do not have a server to upload my stuff yet.
But I have used some App Ids that work for sure and still get the error, so I need to add something to my html stuff?
Thanks for any help. :)

You need to provide the URL of the actual app that you're using to access your facebook app using the API. Even if it is localhost, you need to set the correct URL in order to be able to test.
Check the FB developers documentation for more details

In Canvas URL at the end add / and if you're using a Tab than the filename must be specified

Related

Paypal - customize return url with dynamic params

I set up a button to connect with Paypal on my website.
BUT
I would like to pass some parameters in the return url, it seems that it is not possible. I have read the documentation 10 times and got no more informations.
https://developer.paypal.com/docs/log-in-with-paypal/
For example = https://returnurl?id=12345.
Does anyone know if this is possible and who has done it before ?
Thank you..
If you set a Redirect URL in the app without the parameters and it works, does adding the parameters on to that working base URL (only to the redirect_uri in your code) not work?
If not, then assuming they are being redirected back to a page on the same server they started at, the other best/simplest solution is probably to use a webserver session to story any additional info of this type so it's available on return pageload.
If it's pure client-side JavaScript then browser local storage could work, though it's strange to have to resort to that and Log in with PayPal requires server calls to do anything useful with an authorization_code anyway.

Need fo get the domain from which the user landing to my website?

I am sharing one url link in different social media platforms. I need to find from which domain the user has landed to my website page. is there any possible way for finding the base url of social media plotforms.
Thanks in advance.
You can add parameters to URL. Something like www.example.com?source=facebook etc., change the parameter before sharing the link.
This can be found from the documentation regarding META attribute from the HTTP Request here.
To access this in a template you can do so like:
{{ request.META.HTTP_REFERER }}
You could create a link back to something like:
PAGE FROM REFERRER
Django comes with an optional “sites” framework. using site we can get domain name from request which the user landing to my website?
django.contrib.sites.shortcuts import get_current_site
current_site = get_current_site(request)
domain_name = current_site.domain
Django site Framework

Check the file type returned by an HTTP GET request

You would think my problem would be so commonplace that there would be solutions all over the internet for it. But I can't find anything that really answers my question.
Let me summarise my situation:
I am using Open UI5.
I am coding an app which retrieves documents from various external websites. I want to display these documents inside my app, and not navigate to them, so I display the documents in an iframe. Haven't found any other way.
Some filetypes can be displayed natively, such as PDFs. Others, like Word, cannot - the easiest way I have found of displaying these is by using Google Docs, which implies changing the URL of the iframe's src from this :
http://example.com/my-target-doc.docx
to this:
http://docs.google.com/gview?url=example.com/my-target-doc.docx&embedded=true
Some of the external domains I retrieve the documents from require authentication. Therefore, I cannot set the iframe's src to http://docs.google.com/gview?url=example.com/my-target-doc.docx&embedded=true directly - Google docs would attempt to display the authentication page. I must keep the original URL, and then, once the user's authenticated, replace the document URL with the Google docs version of the same URL.
What I am trying to do, then, is use the iframe's "onload" event to get the currently loaded page's address and, if it is a .doc/.docx/.ppt etc, replace that same URL with the GD version of the URL.
The difficulty is that there is no extension at the end of the URL which points to the document - none of the URLs I need to use end with ".doc", ".ppt" or whatever, so parsing the URL is out.
So this is my question : Is there a way in Javascript to get the type of the content being returned? To be fair, I am pretty doubtful there is. Other ideas or alternatives are welcome. I am still actively looking for some.
Thanks!
Did you already look at the Content-type HTTP header? This can be read with JS, but you probably have to request the file asynchronously for that.

JavaScript: 404 page, how to get the requested url?

I'm hosting few static web pages on GitHub (gh-pages). If the user tries to access a page which isn't available, he/she is moved to a custom 404.html.
What I'm wondering is if is it possible to access the original requested URL from the custom 404.html, using just JavaScript? There's no PHP nor any other server side technology available.
I've looked at the JavaScript's Location-object but that seems to give only the access to the current URL (in this case the 404.html) but not to the original requested URL. What I'm trying to achieve is a 404.html which gives suggestion like "Did you mean to access url ..." to the user but in order to do so, I need the access to the original URL.
your only hope would be document.referrer but of course GH would need to set it, which is highly unlikely for any page returning a HTTP 404 out of a request ...
You need to look at the url in document.referrer
Because the user is moved by the server to a 404 page, JavaScript cannot know abot the requested url.
It may be posible if you add in .htaccess to redirect the user to a page with the url: page.php?url=requested_url , then the requested_url appears in the address bar, which can be read by javascript.
I've tested this with a custom domain and location.href will actually give the current url, which in this case is the faulty one. So, while document.referrer will only give empty string, location.href will give the url you want.
I'm wondering if this has to do with what kind of GH pages you're hosting as well as if you're using a custom domain. My understand was, however, that it was only possible to serve a custom 404.html using a custom domain.

How does LinkedIn know or keep track of where I embedded its widget?

When you try to integrate with LinkedIn's Apply Now button, you first sign up for an API key. The form asks you to enter the Javascript Domain API, which is the Fully-qualified domain name of all pages that will call the JavaScript API with this key. In return, it produces an API key and some HTML code for you which you can copy n paste to your web page and get started.
This is the code their wizard produced:
<script src="http://platform.linkedin.com/in.js" type="text/javascript">
api_key: 7a4ghb12agvda4552da
</script>
<script type="IN/Apply"
data-companyname="Asd"
data-jobtitle="Software Developer"
data-joblocation="Istanbul"
data-email="abc#xyz.com">
</script>
Now, how does one keep track of where this script is embedded? I first entered http://example.com as the my Javascript Domain API. It turned out that I can only use this widget on the example.com domain.
What's inside in.js that tells LinkedIn where it is embedded?
The reason I'm asking is because I am also building a widget myself, and I want to make sure only the signed-up domains can use my widget.
Edit: As a bonus, what if I download in.js, remove the part where it does the domain check and include my own version of in.js in my page? How do they prevent that?
A LinkedIn employee mentions that both client-side and server-side checks are done. But what kind of a check would that be? I am looking for some deep insight into the issue. How can I produce such a widget? On the client-side, how do you check the current page that hosts your .js file? And how do you get which domain is hosting the js file?
Any help appreciated. Thanks.
The LinkedIn Javascript framework won't work if you make a local copy of in.js - the backend server (which in.'s calls) checks to make sure that the in.js is coming from the correct server as well as checking to make sure that the framework will only work on the specified domain(s).
This question was asked/answered here:
https://developer.linkedin.com/forum/security-prevent-impersonations
in.js has a script which adds another script tag into the DOM. It passes the API key (probably as a GET parameter in the script's URL), then the server checks the HTTP referer (which is a standard HTTP header browsers send indicating the website which sent them to get that page) and checks if it matches the API key in the database.
A simpler version would contain something like this:
document.write('<script src="http://mysite.com/api.js?key="' + api_key + '></' + 'script>');
Then on the server, something like this pseudo-code:
var expectedDomain = queryTable('apikeys').equal('key', GET('key')).field('domain').run();
if (expectedDomain === parseDomain(http.referer)) {
respond(myscript);
}

Categories