I'm playing around with the plaid api. I have the sandbox working and wanted to start using real data. That would require https. I need to get local host "secure".
I've tried following a few tutorials online with no luck, mkcert...
Any help with that or another method to use plaids api with development data would be greatly appreciated!
Thanks!
The instructions in this Stack Overflow answer worked for me: Starting a react app in HTTPS instead of HTTP
Also, one thing you can try -- definitely not recommended as a long term solution, but if you really just want to mess around with a couple of accounts in Development, it's ok -- you could skip the OAuth setup and do it later, since IIRC it's only OAuth that requires https. But make sure to implement OAuth before going to Production!
Related
i am using React Native with Firebase and i am trying to upload app to testflight to Itunes Connect. The encryption question popped up and i have no idea what to select. I did some research on ATS and encryption. I am assuming that firebase is using HTTPS calls ? If that is so, then i need to probably select that i am using encryption.
In which case i am asked, if i qualify for exempt or not.
I have truly no idea what these options mean and if any of that applies to me. It seems rather over complicated, which would be ok, but i have hard time understanding what applies to me.
I mean this sentence seems about right:
"Limited to authentication, digital signature, or the decryption of
data or files"
But maybe i am missing something ?
or this:
"Limited to “fixed” data compression or coding techniques"
Limited to coding techniques ? No idea.
So if i have basic app using Firebase for storing data about user/authentication etc am i using HTTPS ? Also am i then exempt or am i supposed to send them year-end file which i have no idea what means ?
On top of it React Native official documentation mentions that you are supposed to allow ATS, meaning you would definitely have to say you are using encryption, but then does not mention anything about encryption.
Here under Enable App Transport Security Link
I will welcome any explanation whatsoever as i feel kinda lost here.
Thanks
So your question is a bit off. ATS is an enforcement technique Apple uses to try to ensure any network connections your app make are protected using HTTPS (and other more rigorous requirements, like TLS version, forward secrecy, etc.). So ATS will try to force you to use HTTPS. Whether your React Native app actually uses HTTPS is up to you to know.
Basically, you can have ATS enabled, but add an exception to the one domain your app comminucates to allow the app to make those calls using HTTP. In that case, your app does not use encryption, so you can answer no to that question.
However, if you access any network resource with using the https protocol, you have encryption, but it qualifies as an exempt form of encryption.
You can simply add the following to your Info.plist:
<key>ITSAppUsesNonExemptEncryption</key>
<false/>
Unfortunately, that is not all. However, the good news is that if you are just using https, you will have a simpler process than if you are doing your own encryption / decryption.
As you can see in this page, you only need to submit a self classification report. It's relatively easy and you don't need to provide any additional documentation to Apple.
Your app uses ATS or makes a call to HTTPS:
No documentation required in App Store Connect. Submit a Self
Classification Report to the U.S. Bureau of Industry and Security
(BIS) directly.
Also, you can find more information about submitting that BIS form here: https://stackoverflow.com/a/45888609/3708242
I'm attempting to create a small website using Directus as a back end, since it has a nice interface for managing a database. The front end will be coded in VueJS, and I'd like them both on the same site. I'm using Apache. For example:
www.example.com = VueJS frontend that pulls information from the Directus backend
www.example.com/admin = Directus admin link
www.example.com/api/[whatever] = RESTful api access
I've messed around with virtualhosts a bit but I can only move the entire directus app to a different port, which I don't want to do since I don't want admins to have to type the port number in manually if they want to access the example.com/admin interface.
I think you can put the API on sub-domain like api.example.com that way both will be available on the same server.
I am just starting with the Directus and met with the same issue of putting both components and thought to put as written above.
If you followed some other approach, pls post here so that it can help people like me.
I have created a small mixin library for Vue.JS 3 and Directus API that makes it easier for developers to make API calls quicker and with almost no code needed.
It supports fetchCollection, fetchBtId, Sort, Filter and Search API endpoints.
Check it out. Hope it helps anybody in the future.
https://github.com/Slaveworx/api-rabbit
I'm using linkedin login on my website. Everything was working until last week, when it started returning "504 Gateway Time-out" error. I did not change anything in my application settings on linkedin developer site nor in my application code. Weird thing is that it still works fine on localhost, but on production it returns error described above. My question is:
Is it more likely to be a problem on Linkedin side? Because for me it seems that my website is trying to connect to linkedin API but it never gets a response.
Unfortunately I have not found any address that I could contact regarding this problem. Is there any linkedin support for this ? Or have any of you were experiencing similar problem?
Thank you
I had the same issue the solution was to set the header Content-Type to application/json.
The LinkedIn Developer API appears to be down. Requests to:
api.linkedin.com/v1/people/
are failing consistently.
And while this might be a separate issue, it's worth noting that the documentation for integrating with their OAuth2 service is no longer accessible at https://developer.linkedin.com/docs/oauth2.
This is just a quick question really for my own peace of mind more than anything.
When accessing an app hosted on Heroku through https://myapp.herokuapp.com I get a warning in Google Chrome and Firefox (but not Safari) along the lines of:
You have requested an encrypted page that contains some unencrypted information. Information that you see or enter on this page could easily be read by a third party.
I don't really want to pay the $20 a month for the SSL-Endpoint addon and was just wondering why these warnings appear and whether there was a way around it/how to find the content that is unencrypted.
I have tried both with and without config.force_ssl = true
Any suggestions? Any help would be appreciated
Turns out that this was an issue with a request from Google maps.
As far as I can remember, they changed their API to allow access over https:// after we began development.
It was simply a case of following the new process that was documented on the Google API page
I've been trying to develop a facebook app. But since 1 oct 2012 facebook needs secured (https / SSL) connections. before i start the real app and get a server with SSL i really want to test creating an facebook app.
So i foun openSSL and thought i might install that on my easyphp (apache) local server.
Only problem is that its a bit tricky to find out how to. I'm no server/apache/ssl pro. i create web apps. So is there anyone who has some info on how to do this.
Or maybe other (better) suggestions of going at it.
thanks a lot in advance!
Ok i found a way to test building an facebook app without needing a server with SSL.
Just use a public dropbox link. Dropbox is secured.
The simple tutorial can be found here:
http://www.wpcode.net/fb-app-dropbox.html/
I have to add one thing though. Facebook requires a folder instead of a file. To cheat this add yourfile.html?fakevar=1 to your dropbox public link.
p.s. dropbox cant parse php/asp so its just for js and basic testing.
I hope this saves someone some time ;)
Though it is too late to answer but Using Open SSL in facebook app is not a good idea . There are many cheap SSL there you can buy one of them . For Example I bought Positive SSL ( only for one domain or on sub-domain ) for 9$ .
You Try Heroku to deploy and test your app