JSSDK Unknown Host domain in Facebook Application - facebook-javascript-sdk

We are using our subdomains dynamically with dynamic prefix from client and use those domains for facebook login but suddenly after their new policies from 1st Aug we are getting error message.
I am not able to add subdomain like *.thebestlisting.com because facebook have restricted to use wildcard characters and use absolute domains only.
Can someone suggest me any alternative option to use my all subdomains with dynamic prefix and how I can cover it with Facebook application.

Related

Why is SSL on my domain active only in certain scenarios?

I have purchased a domain name successfully on google domains. I have the website and server deployed on Heroku, which has provided us with a DNS target and a positive ACM status. When navigating to the site by clicking the link provided by the google search, SSL is not active. However, typing into the address bar "https" will cause it to use SSL as will just typing [domain-name].ca, BUT typing "http", it will not use SSL. Why is google defaulting to the non-SSL version?
I have set up the synthetic record:
#.[domain-name] -> https://www.[domain-name].ca
on google domains
Shouldn't this forward every request to https?
I do not have any http calls in my code.
Depending on what enviornment you are using, you need to enable force ssl config.
Rails
Use config.force_ssl = true in your config/environments/production.rb or similar.
Node (Express.js)
Use a package to set this up for your app. Some options can be found here: https://www.npmjs.com/search?q=express+ssl
PHP
You can add directives to the .htaccess file at the root of your project to do this. See this SO post for an example https://stackoverflow.com/a/34065445
Django
Set SECURE_SSL_REDIRECT to True.
Flask
You can use https://github.com/kennethreitz/flask-sslify to handle this for you.

Can't update app registered in Microsoft Application Registration Portal

I have an already registered app in the site https://apps.dev.microsoft.com. I want to add another redirect URL but when I tried saving I get this error:
There's a temporary problem
There's a temporary problem with the service. Please try again. If you continue to get this message, try again later.
I have also tried using a different browser and clearing my cache but I still get the error.
I also tried registering a new app and I still get the same error. I have been getting the error for several days now and I was wondering if anybody knows a solution.
Thanks!
There are several restrictions on the format of the redirect URI that is allowed
Currently, apps that are registered in the Application Registration Portal are restricted to a limited set of redirect URI values. The redirect URI for web apps and services must begin with the scheme https, and all redirect URI values must share a single DNS domain. For example, you cannot register a web app that has one of these redirect URIs:
https://login-east.contoso.com
https://login-west.contoso.com
The scenarios that are accepted are when the DNS name matches exactly. Examples:
https://login.contoso.com
https://login.contoso.com/new
https://new.login.contoso.com
See all the v2.0 limitations

Redirecting from subdomain to query string

There is a list of options in my website home page - for example, http://example.com. When a user clicks on option1, I want to show the URL as http://option1.example.com and not http://example.com/xyz.php?opt=option1. Any help or guidance would be appreciated.
You will either need to create a subdomain for each option and then provide the required code at that subdomain. how you set that up varies by hosting provider.
Do you really need a seperate subdomain per option?
Could you use http://abc.ca/Option1/ or http://abc.ca/Options/1/ instead?
If not you will need to contact your hosting providers about creating subdomains option1.abc.ca etc and where to put your php pages.
If you are hosting your own server with apache, I think it is possible to use a * dns entry to accept all subdomains and then you can use $_SERVER variables to get the domain being requested.

Can I mix top-level domain with subdomain applications on Heroku using "Custom Domains" add-on?

According to heroku, http://addons.heroku.com/custom_domains
"The wildcard domain add-on enables you to use *.yourdomain.com. You can have as many wildcard domains as you like on one app."
Let say i have a domain call abc.com
can i use abc.com for 1st rails app, another.abc.com for 2nd rails app, another2.abc.com for 3nd rails app? this 3 rails is separate/different heroku rails app? i would like to know cause heroku say "as many wildcard domains as you like on one app."
Yes, this should be possible. You can condense your apps basically into 1 (if even necessary), and follow the guide here
http://www.railsdev.ws/blog/10/using-subdomains-in-rails-apps/
to learn how to route based on subdomains.
If you have 3 separate applications on Heroku as you describe then you just need a single custom domain per application (ie not the wildcard addon). If you use the wildcard domain addon to add say *.mydomain.com then you will not be able to use the same domain (mydomain.com) for any subsequent applications you host on Heroku.

Using Apache's mod_auth across multiple sub-domains for single sign-on?

I have a domain and a group of sub-domains that require authentication to access. I am currently using mod_auth to authenticate users (mod_auth basic) at the domain.tld level. My goal is for single sign-on between the domain and all the sub-domains.
Will these credentials carry on to the sub-domains automatically, or with a simple vhost config change, or is there a better method to do this?
mod_auth_basic
Browsers distinguish areas that require HTTP authentication by a combination of the URL root and the name of the authentication realm.
Take for example, two domains each with a realm with the same name:
http://one.example.com/ with the realm "Please enter credentials!"
http://two.example.com/ with the realm "Please enter credentials!"
First a user visits one, is asked for credentials and enters them. Then the user visits two, the browser recognizes that the URL is different and thus asks again the user for her credentials.
This is a good thing, because otherwise www.badguy.com could set it up so that your browser sends over your online banking login.
In short: there is no way to solve your problem with basic HTTP authentication and standard HTTP clients.
mod_auth_digest
You could use mod_auth_digest instead, since with that you can specify more than one URI to be in the same "protection space". However, with this authentication method there are two new problems:
It doesn't scale very well, because you cannot use wildcard domains.
Browser compatibility is not as good. (See the documentation on how to make it work with IE.)