Publish action on Facebook and security

I am creating an application that will allow people to publish content on our website and have it simultaneously appear in their Facebook timeline. From my understanding of the OpenGraph API, I need to create a publicly available page with metadata that Facebook can access in order for the publish action to work. For example:
<head>
<meta property="fb:app_id" content="" />
<meta property="og:type" content="" />
<meta property="og:title" content="" />
<meta property="og:image" content="" />
<meta property="og:url" content="" />
<meta property="og:description" content="" />
</head>
My concern is that if this page is available to Facebook, then people who are not logged into our website will be able to see this content as well. Is this a common security concern? What best practices are recommended to make your users' content secure from unauthorized users?

It depends on what you want to share.
If you just want to share text or a photo that you've uploaded to a user's album, you can create a post or photo using the Graph API.
Otherwise, you need to restrict the visibility of shared pages with rules on your server. The shared page needs to be visible to the Facebook scraper (see this SO post for details) but require authentication from other users and search engines.
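One way to express that rule, as an added example in Python (not code from this thread): the same route serves a metadata-only stub containing the Open Graph tags from the question to Facebook's crawler, the full page to a logged-in member, and a login redirect to everyone else. The `facebookexternalhit` and `Facebot` User-Agent tokens are the ones Facebook's crawler sends; the `SharedItem` record, the `/login` and `/shared/<id>` paths and the sample data are assumptions made for the example.

```python
import re
from dataclasses import dataclass
from html import escape
from typing import Dict, Optional, Tuple

# Facebook's crawler identifies itself with a User-Agent containing one of
# these tokens. Any client can send the same string, so matching it must
# never unlock more than the owner already chose to publish.
FB_SCRAPER_UA = re.compile(r"facebookexternalhit|Facebot", re.IGNORECASE)


@dataclass
class SharedItem:
    """Hypothetical content record (assumed data model, not from the thread)."""
    item_id: str
    owner: str
    title: str          # the fields the owner chose to publish to Facebook
    description: str
    image_url: str
    body: str           # members-only content; never sent to the scraper


def is_facebook_scraper(headers: Dict[str, str]) -> bool:
    return bool(FB_SCRAPER_UA.search(headers.get("User-Agent", "")))


def og_stub(item: SharedItem, app_id: str, page_url: str) -> str:
    """Metadata-only document: exactly the tags from the question, nothing else."""
    tags = {
        "fb:app_id": app_id,
        "og:type": "article",
        "og:title": item.title,
        "og:image": item.image_url,
        "og:url": page_url,
        "og:description": item.description,
    }
    metas = "\n".join(
        f'<meta property="{prop}" content="{escape(value, quote=True)}" />'
        for prop, value in tags.items()
    )
    return f"<html>\n<head>\n{metas}\n</head>\n<body></body>\n</html>"


def full_page(item: SharedItem) -> str:
    """The real page, rendered only for authenticated members."""
    return (f"<html><body><h1>{escape(item.title)}</h1>"
            f"<p>{escape(item.body)}</p></body></html>")


def render_shared_page(item: SharedItem, headers: Dict[str, str],
                       session_user: Optional[str], app_id: str,
                       page_url: str) -> Tuple[int, Dict[str, str], str]:
    """Decide what a request for /shared/<id> receives: (status, headers, body).
    Order matters: a logged-in member gets the full page, the scraper gets
    the stub, everyone else (anonymous users, search engines) is sent to
    log in. The stub also carries X-Robots-Tag so it is never indexed."""
    if session_user is not None:
        return 200, {}, full_page(item)
    if is_facebook_scraper(headers):
        return 200, {"X-Robots-Tag": "noindex, nofollow"}, og_stub(item, app_id, page_url)
    return 302, {"Location": f"/login?next=/shared/{item.item_id}"}, ""


# Constructed sample record for the demo and tests.
SAMPLE_ITEM = SharedItem("42", "alice", "Weekend trip", "Photos from the lake",
                         "https://example.test/img/lake.jpg", "PRIVATE TEXT")
SAMPLE_URL = "https://example.test/shared/42"

if __name__ == "__main__":
    scraper = {"User-Agent": "facebookexternalhit/1.1"}
    print(render_shared_page(SAMPLE_ITEM, scraper, None, "APP_ID", SAMPLE_URL)[2])
    print(render_shared_page(SAMPLE_ITEM, {"User-Agent": "Mozilla/5.0"}, None, "APP_ID", SAMPLE_URL)[:2])
```

The point of the split is that the stub carries only what the owner explicitly agreed to publish (title, description, image), so a spoofed User-Agent gains nothing beyond that; the private body is only ever rendered behind the session check.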

Related

How do I write my NodeJS server to an existing domain?

Okay so I'm in like a really weird spot.
I need to set up a nodejs server for a messaging app, and I want to put the server on a URL I already have. I have full access to my directory on that site (ex. I can access sitename.com/~mypage/) and do things with it through FileZilla, but I cannot access the hardware or the base domain (ex. I can't touch sitename.com but I can access ~mypage).
How would I set up the server on there? Do I need to initialize it on my own computer then upload it, or do I install nodejs on the server and initialize it there? Or can I use a local host for the app? Thanks.
If you already have a site running you won't be able to just slot a node app into ~mypage by adding it through FileZilla.
The best way to do this in my opinion is by setting up through your domain management that ~mypage points to where you have deployed your node app (ie heroku, AWS), but if you have access to do that you may as well set up a subdomain to route to the app (ie app.sitename.com).
However, if you really can't access the domain settings, my suggestion would be to deploy your node app on Heroku, AWS or GCP then either:
A) set up a ~mypage that redirects you to your app url if someone visits it
OR
B) set up a page with masked forwarding like so (so the browser url stays as sitename.com/~mypage/):
<html>
<head>
<title>Page Title</title>
<meta name="description" content="Page Description">
<meta name="keywords" content="keywords, for, page">
</head>
<frameset rows="100%,*" border="0">
<frame src="http://linktoyourapp.herokuapp.com" frameborder="0" />
<frame frameborder="0" noresize />
</frameset>
</html>

Default website image for social sharing - Issue

To get this done I found the code below in another post.
<meta property="og:image" content="http://example.com/logo.jpg">
<!-- og:image:type must match the actual file format; logo.jpg is a JPEG -->
<meta property="og:image:type" content="image/jpeg">
<meta property="og:image:width" content="1024">
<meta property="og:image:height" content="1024">
This works fine if I use http://example.com. But when I use www.mysite.com this is fetching another thumbnail.
Can anyone help me to get the same image when I access with www and without www as well?
It just took time. No issues with the code.

Block logged in users from viewing page but allow anonymous users

Using Java-EE 6, JSF2, Glassfish 3.1.
What is the best method to redirect a user away from certain pages, such as the 'log in' page when they're already logged in?
I was going to use the following in each of the pages I did not want logged-in users to access:
<f:metadata>
<f:event type="preRenderView" listener="#{aBean.checkIfLoggedInAndRedirect()}" />
</f:metadata>
Is there a more elegant method?
Something like a security constraint for anonymous users so that no other roles (i.e. logged in users) can view these pages.
With no other better suggestions, I have used the following on each page I don't want a logged-in user to see. Not the most solid implementation (as the page is still there).
<c:if test="#{request.remoteUser != null}">
<meta http-equiv="refresh" content="0; url=/home" />
</c:if>

Google Meta Bots

I have a question:
If I put this code in my website:
<META NAME="robot" CONTENT="noindex,nofollow">
Google won't search the specific page, right? Not the whole website.
With NOINDEX, Google will not include any content from this page in its index (The page will be invisible to Google searches).
With NOFOLLOW, Google bot will not try and follow any link on this page, hence these pages that the current page links to will not be included in Google index, unless they can be reached (by Google bot) in other ways.
Beware that the snippet in the question uses the wrong name for this META tag. ROBOTS needs to be in its plural form, not ROBOT. While upper/lower/mixed casing doesn't matter, I do not believe the bots will try both names.
BTW, <META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"> is equivalent to
<META NAME="ROBOTS" CONTENT="NONE">
And, yes! The rest of the web site will be indexed by Google as normal, unless there are other bot exclusions.
The official word on the way Google bots interpret the META tags can be found on the Official Google WebMaster Central Blog
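To make the naming pitfall in the answer concrete, here is an added example (not code from the thread) that parses a page's robots meta tags the way a crawler would read them: only `name="robots"` counts, the singular `name="robot"` is recorded but ignored, matching is case-insensitive, `NONE` expands to `NOINDEX, NOFOLLOW`, and a conflicting tag resolves to the more restrictive value. The sample pages at the bottom are constructed for the demo.

```python
from html.parser import HTMLParser
from typing import Dict, List


class RobotsMetaParser(HTMLParser):
    """Collect the CONTENT of every <meta name="robots"> tag, and keep a
    separate list of tags that use the singular name="robot", which
    crawlers do not recognise."""

    def __init__(self) -> None:
        super().__init__()
        self.directives: List[str] = []
        self.misnamed: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":          # HTMLParser lowercases tag and attribute names
            return
        attr = {name: (value or "") for name, value in attrs}
        name = attr.get("name", "").strip().lower()
        if name == "robots":
            self.directives.append(attr.get("content", ""))
        elif name == "robot":
            self.misnamed.append(attr.get("content", ""))


def robots_policy(html: str) -> Dict[str, object]:
    """Evaluate a page the way the answer describes: without a usable tag the
    page is indexed and its links followed; NOINDEX/NOFOLLOW switch those off,
    NONE is shorthand for both, and when tags conflict the restrictive value
    wins (so INDEX/FOLLOW/ALL never re-enable anything)."""
    parser = RobotsMetaParser()
    parser.feed(html)
    index = follow = True
    for content in parser.directives:
        for token in (t.strip().lower() for t in content.split(",")):
            if token == "noindex":
                index = False
            elif token == "nofollow":
                follow = False
            elif token == "none":
                index = follow = False
            # noarchive, nosnippet, all, index, follow: leave these two flags alone
    return {"index": index, "follow": follow, "ignored_tags": parser.misnamed}


# Constructed sample pages: the asker's singular-name tag, and its corrected forms.
SAMPLE_MISNAMED = '<head><META NAME="robot" CONTENT="noindex,nofollow"></head>'
SAMPLE_CORRECT = '<head><META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head>'
SAMPLE_NONE = '<head><meta name="Robots" content="NONE"></head>'

if __name__ == "__main__":
    for page in (SAMPLE_MISNAMED, SAMPLE_CORRECT, SAMPLE_NONE):
        print(robots_policy(page))
```

Running it on `SAMPLE_MISNAMED` reports the page as indexable with the directive listed under `ignored_tags`, which is exactly the silent failure the answer warns about; a check like this in a deploy pipeline catches the typo before the page is crawled.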

htaccess problem

I have to write htaccess for my site. Actually we have two domains, '.com' and '.in'. For example, if I open the '.com' site it will automatically access files from the '.in' domain. There are no files on the .com site. How do I write .htaccess for this?
thanks.
If you have access to the web server, use the configuration to achieve this. In the case of apache2, it would just require a server alias in the virtual host. Otherwise, use redirects or URL rewriting.
If you cannot use them either (because you are on a limited virtual environment, e.g.), place an index.html in your .com directory and configure it to redirect via a meta-refresh tag. Place the following line in the header section of your index.html:
<meta http-equiv="refresh" content="0; URL=http://yourinsite.in/">
Then use the DirectoryIndex directive on a .htaccess file to automatically load it as default index page:
DirectoryIndex index.html
This brings up the index.html when the user browses yoursite.com/ and leads her to yourinsite.in automatically.
Do you have access to the server config? Judging by your comment above, what you actually want is to set up a server alias, where the .com and .in sites are the same. This will make the .com site load the .in or vice versa.
Another solution you could use if you don't have server access is a domain frame cloak, which will keep the .com URL in the address bar but load the .in site inside a frame. Put this code in index.html on the .com site and fill in what you need to:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN" "http://www.w3.org/TR/html4/frameset.dtd">
<html>
<head>
<title>TITLE OF THE SITE</title>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8">
<meta name="Description" content="Description of the site">
</head>
<frameset rows="100%,*">
<frame frameborder="0" src="http://domain.in" scrolling="auto">
<noframes>
<body>
<p><b>Welcome to our site. Your browser does not support frames.</b></p>
<p>Click here to go to the page.</p>
</body>
</noframes>
</frameset>
</html>
