accounts-facebook fails with SecurityError when the site uses SSL
My meteor app has so far lived "unsecured" - meaning no redirection to https:// by default. This has worked fine in conjunction with the accounts-facebook package, which creates its own SSL enabled connection to Facebook when doing its OAuth magic.
My problems started when I tried acessing my site using https instead of http. The pop-up window the accounts package opens to log into facebook halts quickly and by reading its console output I can see the following message
Uncaught SecurityError: Blocked a frame with origin "http://wishlist-foobar.meteor.com" from accessing a frame with origin "https://wishlist-foobar.meteor.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match.
I thought this might have something to do with the site url in the app's facebook settings, but changing the http to https in that setting got me nowhere. Still got the same message. How is this supposed to work? I am not hardcoding the http part of the path anywhere except the facebook settings, so this seems to be something the accounts-facebook package is doing.
This is my app settings on Facebook. Observe the non-SSL site url.
It turns out you need to set the ROOT_URL environment variable for the callbacks to work and make sure visitors hit that url (for instance, forcing ssl). See these SO answers for more background info.
- Error while creating test user on Facebook "The ability to create test users is disabled temporarily"
- Identify Facebook app is in canvas or not
- React app does not render in Facebook in app browser In IOS, showing blank white screen
- Facebook PHP SDK & Page feed post (filtering results)
- WhatsApp API Webhook Not Receiving Message Webhooks - all other webhooks works well
- Change / Hack style of Facebook 'Like it' button
- How to remove Facebook "Currently Ineligible for Submission"?
- Facebook Error #100 when uploading Offline Conversions using Marketing API
- Error: FB.login() called before calling FB.init()
- How to get props of a component when unit testing using jestjs
- how to extract UID facebook using imacros
- Storing Friends in Database for Social Network
- Facebook Chat Bot - How do I test the welcome message?
- Facebook OAuth Dialog not redirecting to login
- java.lang.NoClassDefFoundError: Failed resolution of: Lcom/facebook/drawee/backends/pipeline/info/ImagePerfDataListener;
- Failed to resolve: com.facebook.android:facebook-android-sdk:[4,5)
- Android Facebook SDK does not call callback after login
- Why my amp site with amp-facebook-comments not show?
- iOS import unresolved identifier
- FacebookSDK 3.0 - Apple Mach-O Linker Error
- How to use FBFriendPicker to get userID from Facebook iOS API
- Easiest way to fetch Facebook friends info in iOS
- Facebook login message: "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings."
- Facebook key hash does not match any stored key hashes
- Is there a simple Facebook "Like" or share URL?
- Facebook like automatic image crop with intelligent results
- Facebook Oembed Read Can't Request Advanced Access
- FB-CustomerChat dark mode
- Facebook Messenger Bot, test users, has anyone got this working?
- Listview in alphabetical order