Failed verification in Firebase with custom domain - firebase-authentication

I have an Imgur link below that shows images of the steps I've taken to set up DNS Settings on a SquareSpace site to get a Firebase custom domain set up. It keeps getting rejected for some reason.
https://imgur.com/a/r092QvI
The first image shows the rejection from Firebase verification team:
The second image shows the domain as I entered it in the 'requesting to get verified' process:
The third image shows the DNS changes to make to my SquareSpace site:
The fifth image shows the DNS custom record entries I added in DNS Settings on SquareSpace:
No idea why I wouldn't be verified after adding these entries. Any suggestions are much appreciated!

Related

New Google Domain won't connect to Heroku

I have followed all steps to set up my own Google domain that I purchased with Heroku. However when I have to enter the Synthetic Record Information I get an error that says:
This synthetic record has an error and will not function correctly:
The SSL Certificate for this domain hasn't been created yet. This process may take up to 24 hours to complete.
I am not sure what I did wrong. I selected to Temporarily redirect, do not forward path, and Enable SSL.
On the Heroku side the ACM status is labeled ask okay but when I click on the link to go to my webpage it does not work and I get an error from the browser that the server IP address cannot be found.
I have set up the CNAME and DNS target correctly as well.
You may need to add Custom resource records not Synthetic Record
And my other suggestion would be using Firebase if you purchased Google Domains.
They work well together. And Firebase provides free SSL too.

How can I resolve SSL Mixed Content issue caused by Gravatar?

Gravatar is causing mixed content issue especially when a user is logged in. For logged out users, there is no issue. My site loses the green Security (SSL) padlock on the browser. For all the pages which logged in Users visit, there is Mixed content. The message on display by Chrome/Firefox usually
that the page was loaded over HTTPS, but requested an insecure image 'http://gravatar.com/avatar/b87daeb6292d165f7bd8db0dbb2e0a8b?s=400&d=identicon'. This content should also be served over HTTPS.
Is there any way to resolve this pls?
This does not happen with my blog. Check out the attached image for more information.
Yes, I faced this error two month back but I resolved it using cloudflare. I made the following two changes to load all the resources including image on https.
In Crypto Page of Cloudflare, changed the setting to always HTTPS and Automatic Redirect.
Made similar change in Cloudflare plugin active in WordPress.
You will find the detailed step by step tutorial on acheving this at below article
How to Fixed Mixed Content Error in WordPress?

Google Picker refuses to load with error "Failed to execute 'postMessage' on 'DOMWindow': The target origin provided"

I am trying to load Google Picker.
I am using this npm package https://www.npmjs.com/package/google-picker
When loading the picker, the auth windows show up, and I can select my Google account.
After auth is done, it tries to open the Google Picker iframe.
It is at this point the iframe fails to load and I get the error
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://docs.google.com') does not match the recipient window's origin
I have searched this issue and many solutions say make sure to add your domain to the authorized JS origins in google console
I have done this! The domain is definitely in the authorized domains for the client. Google sign in works with my app.. but I just can't seem to get the Picker to work.
I have tried both running from localhost and uploading to the server. But I get the same error.
The server I am using is HTTPS. And the iframe URL for picker is HTTPS too. So this should not be a problem.
What else can I try? I am out of options. I am following the API exactly. I have put in all the right keys.
From this SO post answer, it is cited that the issue is with the target origin which is https.
I believe this is an issue with the target origin being https. I
suspect it is because your iFrame url is using http instead of
https. Try changing the url of the file you are trying to embed to
be https.
For instance:
var id = getId(url);
return '//www.youtube.com/embed/' + id + '?showinfo=0&enablejsapi=1&origin=http://localhost:9000';
}
to be:
var id = getId(url);
return 'https://www.youtube.com/embed/' + id + '?showinfo=0&enablejsapi=1&origin=http://localhost:9000';
}
The reason Google Picker was not showing was actually unrelated to the console error.
Even though the console error appeared, the picker still works.
But I thought it was not working because I was using the pickadate library which had css that conflicts with Google Picker.
More info about that issue here: https://github.com/amsul/pickadate.js/issues/619

Chrome - Password/Credit Card input within an iFrame

I am using an iFrame which is hosted on another domain that has an SSL certificate. On the page where the iFrame is used I get 'Not Secure' message next to the domain in Google Chrome and the following warning in the console log:
This page includes a password or credit card input in a non-secure
context. A warning has been added to the URL bar. For more
information.
Note: The iFrame loads an online booking portal which includes both login details and credit card information.
In order to prevent this message from showing, would I need to purchase an SSL certificate?
I'm asking because I don't want to order one if it doesn't resolve the issue, there is a way around this without having to get a SSL certificate or if it's just not worth getting one for this situation.
Your thoughts would be highly appreciated.
Thanks in advance.
To help users browse the web safely, Chrome indicates connection
security with an icon in the address bar. Historically, Chrome has not
explicitly labelled HTTP connections as non-secure. Beginning in
January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords
or credit cards as non-secure, as part of a long-term plan to mark all
HTTP sites as non-secure.
It applies to all sites that are not https.
Do check for any website which have login information and doesn't have https, you can view the username and password in the chrome developer window.
security page documentation

Error: redirect_uri_mismatch

I've been looking for this answer and the other pages didn't help me.
I'm trying to use the google drive api for php. I am trying to test on my local environment and receive this error.
Error: redirect_uri_mismatch
The redirect URI in the request: urn:ietf:wg:oauth:2.0:oob did not match a registered redirect URI
Request Details
scope=https://www.googleapis.com/auth/drive
response_type=code
redirect_uri=urn:ietf:wg:oauth:2.0:oob
access_type=offline
display=page
prompt=consent
client_id=735129338633-0epug8n80jsg0t50ijn7our4a661nnk6.apps.googleusercontent.com
Here is the page for the api:
The url is in
localhost:8888/Spreadsheets/driver.php
What am I doing wrong?
Looks like the current Google OAuth2 integration requires enabling
Contacts API
Google+ API
from the Google Developers Console for the associated Project. In my log I noticed errors liek 403, Access Not Configured. Please use ....
The redirect URI (where the response is returned to) has to be correct and exactly as you registered in the APIs console, and the error is indicating that you haven't done that or you haven't done it correctly.
To get the redirect URI from console:
Go to the console for your project and look under API Access.
Open Credentials section (in left side)
You should see your client ID & secret there, along with there is a
list of redirect URIs. If you want to change it or it was wrong,
click edit settings and modify.
Even if your redirect uri is properly set in the console, a lot of times, when you've recently changed settings in the google dev console, it will still tell you there's a redirect mismatch. It's a surprisingly common occurrence.
You can try...
Waiting; some have had luck with this, indicating that google takes some amount of time to register recent changes.
If you don't mind reconfiguring your app, creating a new client id in the google dev console tends to fix this problem with consistent results.