Why would Facebook oauth try to access the http version of an https site?
When I try to use Facebook login on this site:
by clicking the button at the top of the page, I get a popup with the URL:
I enter in my Facebook creds and submit. In Safari, this works and login completes. In Chrome, the popup goes blank but stays open. The popup URL is
https://parlay.io/_oauth/facebook?close&code=...
The popup console says:
Uncaught SecurityError: Blocked a frame with origin "https://parlay.io" from accessing a frame with origin "http://parlay.io". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.
The error occurs on line 23:
I don't know why this popup is trying to access http://parlay.io. I do not have http or http://parlay.io as a setting anywhere in my app.
This is using the 'popup' style oauth. When I switch to 'redirect' style in Chrome, the first time I login, I get this error on the server:
{"line":"398","file":"oauth_server.js","message":"Error in OAuth Server: redirectUrl (http://parlay.io/) is not on the same host as the app (https://parlay.io/)","time":{"$date":1435164688847},"level":"warn"}[parlay.io]
and I get redirected to same signin page. The second time I click login, it works. The second click can be automated with:
I had the exact same problem, under similar conditions (Meteor 1.3.x, ROOT_URL set to https, FB/Twitter apps set to https.)
What fixed the problem for me was to set up my site to always redirect HTTP requests to HTTPS. I am using Cloudflare, so I followed the instructions here:
After making the change, sign-in worked like a charm across different machines. Final results here:
- Laravel & Meteor password hashing
- Facebook login message: "URL Blocked: This redirect failed because the redirect URI is not whitelisted in the app’s Client OAuth Settings."
- How to override user.profile type?
- Meteor js custom pagination
- Error during the building 'node-canvas' on arm64 M1 CPU
- Graphql query only not null objects
- Generating a PDF file from React Components
- Unable to use the jquery smartwizard npm package with meteor
- Rotation using cropper js
- JS Library to create formatted XLSX spreadsheets
- UI/UX Design in Real Time Applications
- How to fork an existing Meteorite package in a clean way?
- google map not displaying on mobile
- Token Authentication in Meteor
- React Helmet: Hash Not Accepted?
- How to return value from SOAP function to meteor method?
- cannot start docker daemon (graphdriver issue)
- npm install anything failes with ECONNRESET
- integrate meteor in existing vue 3 application
- Argument of type 'Date' is not assignable to parameter of type 'string'
- How to check if email already exist for a user (emails[0].address) before try to use it to change the email of another user?
- Twilio Voice and Meteor.js - Can’t Get req.body In WebApp.handlers.use()?
- Meteor server api using iron router returns HTML not the response
- In Meteor with Iron router how would I redirect to a thank you URL stored in the database after form submission
- Meteor: Iron route not to the right route
- Meteor GoogleMaps.load() not working on iOS with Iron
- How to delete Iron Router history
- Iron Router / Meteor - How can I pass data from the controller to the template?
- Meteor Rendering Templates with Functions
- Meteor Unable to Render Dynamic Templates