When setting in the developer console a secure url (https), and trying to load the canvas under facebook:
https://apps.facebook.com/fanta-seriea/
I get the error saying that facebook received an empty responde.
Am I doing something wrong? The certificate is allright:
https://fanta-seriea.com
So why is this happening?
L.
If you enable SSL for your FBML app, please make sure that your SSL certificate includes all intermediate certificates in the chain of trust as our SSL validation is strict. You can use third-party SSL analysis tools (e.g., https://www.ssllabs.com/index.html) to check your certificate status and fix any errors (and warnings). If your SSL certificate has problems, you may see "Empty response received" error when you load your FBML canvas app."
From https://developers.facebook.com/blog/post/567/
Sorry for offtopic.
New Developer Roadmap says that FBML will die on 1st June 2012. Better go on iframe mode.
Have you definitely added a secure canvas URL in your app configuration? On the developer app, go to edit your app and under basic settings you should have URLs in both 'Canvas URL' and 'Secure Canvas URL'
I'm showing the HTTPS version as resolving correctly (although it doesn't fail gracefully if you access that url directly, it pukes errors all over the place) - https://www.fanta-seriea.com/fbfsapro/ - but when I try to access the HTTPS version of the canvas app, it redirects me back to the HTTP version. Is the SSL url set correctly in the SSL url section of your application settings?
You are referencing non-secure assets on that page. Facebook may be providing you with an invalid error message.
You should relativize all URLs that are simple assets.
If you need assets from other domains that are not yours, you can use protocol relative URLs : http://paulirish.com/2010/the-protocol-relative-url/
Related
I recently enabled SSL for my Heroku-hosted website, wildcodemonkey.com, but when I visit it in Chrome I see the error "ERR_SSL_PROTOCOL_ERROR".
My research indicated that the SSL connection terminates at Heroku's router, which then passes the request along via HTTP to my express/node site. Consequently, I did not set up 'https' in my server and have been expecting standard HTTP connections.
My SSL configuration is such that my CSR, key and cert were passed along to Heroku. I'm using the SSL option baked into Heroku, not a third-party resource/addon. After enabling SSL in my app's settings I changed my DNS to reflect the new endpoint (wildcodemonkey.com.herokudns.com instead of wildcodemonkey.com.herokuapp.com), this is the endpoint I was told to use when I configured SSL on Heroku, directly copied and pasted from the settings page after setting up ssl.
I do see morgan logging GET requests when I hit the domain, so it does look like everything is making it end to end, so I'm not sure where the issue is occurring.
Any assistance would be greatly appreciated. Thanks ahead of time.
According to the SSLLabs report the certificate chain of this site is incomplete. While desktop browsers often but not always will work around this problem mobile browsers and other applications will usually not. Check the documentation provided by your CA which chain certificates need to be configured.
I've got mod_pagespeed installed under apache2/php5-fpm and it's working fine on my domain that isn't using SSL (it's combining css and js no probs), however when I access the SSL version of the same site, it no longer works. I've tried setting the variable:
ModPagespeedFetchHttps enable
But it still is not working. The site is behind basic auth security, would this matter?
I can see in the response headers under the SSL version of the site that mod_pagespeed is there, but it's not working it's magic.
Does accessing resources require authentication? If so, then mod_pagespeed probably is not able to access them (it just does an http fetch for resources to rewrite).
Are the same resources available on http? If so, you're best bet might be MapOriginDomain:
ModPagespeedMapOriginDomain http://www.example.com/ https://www.example.com/
This will fetch all resources with HTTP even when the page is requested with HTTPS. So this would avoid the authentication issue.
See also, https://developers.google.com/speed/pagespeed/module/https_support for more help with various HTTPS issues.
In addition to the above answer, also make sure you have added the directory for the ModPagespeedSslCertFile in your config file.
Check "Configuring SSL Certificates" at
https://developers.google.com/speed/pagespeed/module/https_support
I am trying the Browserlink feature of ASP.NET MVC 5 and everything works great for non SSL pages. But if I navigate to a SSL page (with https url), I see 0 connections in the Browser link dashboard. So, is it true that Browser link works only for non SSL urls ? Or am I am missing any settings which will allow me to get Browser Link connection for both SSL and Non SSL urls ?
(I am testing from IIS)
According to this link, Microsoft is working on it.
I have been able to get around the issue by following these steps (using Chrome):
When the debugger opens the browser, open the F12 tools.
Go to the Console tab.
There should be an error message that looks something like this: GET https://localhost:[port]/[guid]/browserLink net::ERR_INSECURE_RESPONSE
Open the link in a new tab.
Click Proceed anyway.
Close the Browser Link tab.
Reload the tab with your app.
Browser Link should then start working.
I've also worked around it by getting the script link, reducing it to the root, and browsing there. Once there, accept the cert warning then view the cert and install it into the trusted roots. From then on, the cert will be trusted and the script will load automatically.
It appears that this limitation has been removed in Visual Studio 2015. I do not see any mention of this in the release notes, but Browser Link is fully operational in my dev environment under SSL.
I was unable to get Browser Link, Web Essentials, to work with SSL, even with the mentioned remedies. I was able to find a way, however, to get it work for me.
I am running my app through IIS (not express) and my app was nested under the default website. When debugging the site I saw that Chrome was dumping a connection error with a URL using port 44399. Adding a binding for this port, for https, then allowed the connection to be successful. I also used a local development cert for the SSL Certificate.
DISCLAIMER: Visual Studio tries to be your buddy and not use ports that you've bound to in IIS so once you close and re-open Visual Studio it will likely not use the 44399 port anymore. It looks like it decrements until it finds the next available port. So assuming you're not using 44398 this will be your number. Once you unbind 44399, then close and re-open Visual Studio it will likely rebind to 44399 again.
Hopefully this helps some of you out.
I had a similar issue involving custom domains and subdomains on IIS Express over HTTPS.
(Using SSL certificate I self-signed with support for localhost and my custom domain, installed with self-signed root authority in the trusted certificate store)
I had got IISEx to use the certificate and serve it on port 443 (as admin user), but browserlink was failing with CONNECTION_RESET.
This persisted even after switching back to using localhost as the website url for IIS etc.
Turns out I had forgotten to replace the certificate associated with the other ports IIS Express uses (specifically port 44399), which were still associated with the default development certificate used by IIS Express
http://www.iis.net/learn/extensions/using-iis-express/handling-url-binding-failures-in-iis-express
http://benjii.me/2014/11/run-iis-express-on-port-443-using-ssl-and-wildcard-subdomains/
[Simple Guide but missing the delete existing certificate bindings guidance]
For Windows 10 IIS Express users.
In visual studio click "View in Browser" in Browser Link
Dashboard .
An IIS Express icon will appear in system tray.
Right Click the IIS Express icon.Your application should be listed in both HTTP and HTTPS.
Hope it helps.
Ii have purchase an SSL certificate for my site and in the admin I set the secure base url to https and unsecure base url to http and enable for the frontend. now i am not sure is it working fine or not. when i come to checkout it shifts to https. this is the link of my site http://majorcomfort.com/index.php/ Please tell me is it fine or i have to do something else ....
Everything seems to be fine, the checkout steps and the customer area are under the secured URLs, which is the standard setting for Magento's "SSL enabled for frontend".
The SSL protection in the front-end is defined in the XML config under the node
<config><frontend><secure_url>path</secure_url></frontend></config>
where path is the desired URL,e.g. /customer/ for the customer area, or /checkout/onepage, for the checkout
I've inherited an ASP.NET web site that has an SSL certificate bought via GoDaddy.
The problem is that the certificate seems to be invalid because of some "mixed content/resources" (I think that's how its called) coming from http sites.
Chrome is showing the red cross over the lock next to https, meaning it's unsecured. The popups says the following:
Click in "What do these mean?" goes here which says:
The [crossed-lock] icon appears when
Google Chrome detects high-risk mixed
content, such as JavaScript, on the
page or when the site presents an
invalid certificate.
The certificate is correct and valid because I tried creating a blank "Hi world" .aspx page and it's showing the green lock with no problems.
Reading a little bit, I found that I should only include images and javascript coming from https sites. The only thing it had coming from http was the addthis widget, but they support https, so I changed to https, but it's still saying that is unsecured.
I've searched for anything else coming from http in the source, but didn't find anything.
Is there some way (site, chrome extension, firefox extension, whatever) that will show exactly which are the resources that are "unsecured"?
I've never dealt with SSL/HTTPS certificates, but I need to fix this issue asap.
Check your site in http://www.whynopadlock.com, which will give you a list of url which is not consider as secure by your browser.
Check the chrome console
You will get it like this,
The page at https://xys displayed insecure content from http://asdasda.png.
Make it http site to https then it will work.
I've found the problem using the Chrome Developer Tools. It was a js that's embedding a flash from an 3rd party site which it's using http.
Are you on Windows? Download and run Fiddler while browsing the site, and watch for HTTP connections.
Mixed content means contents of a web page are mixed with HTTP and HTTPS links.
These links include your JS, CSS, Image, Video, Audio, Iframes etc.
If your website is enabled for HTTPS (SSL certificate has installed), make sure you serve only HTTPS contents throughout your web page.