I'm looking for a correct regex expression that Facebook uses to validate entered Website URL or Display link when user wants to create an ad in Ads Manager (you will see the mentioned input fields on attached screenshot below).
I need that because platform we're developing uses Facebook Marketing API to create ads on Facebook. So in order not to get API request failure from Facebook I would like to perform a validation before we fire a request to the API.
I've been using a few different regexes so far to perform validation but the issue comes back again and again. That's the reason why I come up with question to you.
So my question is, does anyone here used some url validation regex that works well with Facebook? I couldn't find anything on Facebook docs related to this validation, so any help from your side is welcome.
Here is the list I've been using to validate urls https://pastebin.com/0zU6MSme
#update I moved the list to the pastebin because previous link didn't work
The original list I took from here: Original URL List
The issue you are experiencing with certain urls such as http://➡.ws/䨹 being unexpectedly rejected is due to internationalized domain names. Domain names need to be ASCII text, so you have to convert the domain to IDN form before sending it to Facebook (unicode query strings are OK). The browser does this automatically, but apparently Facebook doesn't.
There are libaries like punycode and encoding.py that you could use to convert the domain name to IDN before sending your request.
As for a regex, I would expect the one Django uses will work - Python - How to validate a url in python ? (Malformed or not), except you should disallow ftp, and apply the regex after converting to IDN.
Related
What is the correct way to start using Instagram oEmbed feature? Documentation (https://developers.facebook.com/docs/instagram/oembed/) claims that I have to pass App Review to start using the feature. And application form says Please provide a URL where we can test Oembed Read. Which I don't have because I have no access to the feature.
What I have tried with no success:
I requested instagram_oembed resource with:
app token of application in live mode
app token of application in
development mode
passed URL to a post by official Instagram account
(e.g. https://www.instagram.com/p/CQG4gZxMzzO/)
passed URL to a post
of a user who is Admin of the app
In all cases I receive (#10) To use 'Oembed Read', your use of this endpoint must be reviewed and approved by Facebook. To submit this 'Oembed Read' feature for review please read our documentation on reviewable features: https://developers.facebook.com/docs/apps/review.
Example of the request I do https://graph.facebook.com/v11.0/instagram_oembed?url=https%3A%2F%2Fwww.instagram.com%2Fp%2FCQG4gZxMzzO%2F&access_token=appAccessToken
We're also suffering from this issue, but so far, we thought we already figured out how to do that.
Big picture
Facebook had not sorted this thing out correctly. Or at least, we don't know why they put such a restriction to this API.
The official document is not correct. (or at least not accurate for now, for some part)
Which part was not correct?
The access token part is not right. Or at least, it's the most confusion part.
How can we resolve this?
Use the Graph API Explorer
Adjust your token(App token, Client access token, user token) with the official URLs(see below) to see if you can get the result
most of us should be able to get the result with user access token, which means you have to access this API after login!
Integrate into your app for review
The review page is also confusing:
Please provide a URL where we can test Oembed Read. Include the URL of a page, post or video from our official Facebook or Instagram pages, or the pages themselves., it means you can only use links like https://www.facebook.com/instagram or https://www.facebook.com/facebook
With that in mind, so far, the only way to get approved is integrate your oembed usage into your normal UI with facebook user access token ready
Question to the big picture
So, we have to ask user to login with our facebook app, then we can provide this oembed read API returned embed HTML? I'm afraid that's what we have now.
big companies might be able to apply for App Token, I guess in that scenario, facebook login is not necessary
for small companies, indie developers, hmmm, I don't know any better solutions so far.
I have run into this too. I do not have an answer at this time, I just want to report on the frustrations of their 'app review' process. Which makes it feel like you are unlikely to get it to work any time soon.
We have a custom embed code for our weblog authors to use (a shortcode kind of thing) which does the oEmbed call. We just take the HTML from the resulting JSON, and insert it into the weblog article page, and that is it. It stopped working, presenting this same error - in live mode, and in development mode.
The kicker is, I then tried submitting it for app review. Filled out everything I could to the best of my knowledge. Provided them a test account and post on our weblog to show the shortcode editing and expected placement. We got rejected. Why? Your embedding resulted in an error, we can't see it in action to approve you.
Yes. The error I am getting is that I need my 'app' to be reviewed and approved.
This is an infuriating process. This is the only Facebook / Instagram API feature we use at this point. No user data. No attempt to make an Instagram clone app or anything like that. Just an embed.
And they are making this simple use case as impossible to use as they can. And the documentation also feels like an infinite loop. They say users of the old Instagram embed call have until September 7 2021 to get approved. But the call does not work at all because we are not approved. So we cannot get approved.
Same loop here. I've managed to report it to Facebook team and get answer "Just submit your Instagram post URL"! I can't believe it, its can't be so simple. I've confirmed it few times with Facebook team person and.... get rejected!
Also, second form in App Review process will LOWERCASE all of your links and I've spent few days just to explain it to reviewers and support person. Still rejected after submitting proper url. This is insane.
My another attempt was about to build a test page where I can auth via Facebook account, parse connected Instagram accounts and GET embed endpoint with user access key in hope that reviewer HAS access to oembed feature - REJECTED. I can't even find what permission I need to add to auth URL to obtain oembed thing.
Will update my answer with new information later.
UPDATE: After reporting about the issue with lowercase URL in submission form they just APPROVED my app without APP REVIEW. Well... Facebook style...
I had exactly the same problem recently. Updated the packages with compose, changed the API version from 10 to 11... without any change.
The error was also occurring in development mode, it didn't make sense that Facebook was asking to approve in dev mode.
For me, the problem came from the management of scopes in my application, depending on the version of the Facebook API used.
My advice: check the scopes defined with API version in your code first.
I had the same issue and the solution is very simple. The only thing you need to do is copy paste an instagram url in the input field saying: Please provide a URL where we can test Oembed Read.
I did the this link: https://www.instagram.com/p/G/
Which is actually the first instagram post :) Got approved. Hope this helps everybody!
There are region specific URLs for various websites like google.co.in or google.co.uk for google.com, So for the major sites like google, facebook, linkedin, I want to replace their region specific URLs with all region URL.
For example for google, it should be redirected to https://www.google.com/webhp?pws=0&gl=us&gws_rd=cr.
The solution which I was trying:
1) Take the part of URL google.co.in(using regex) and replace it with google.com (using re:replace)
2) For storing of initial and replacement URL, I'm thinking to use orddict, where {key,value}={"...//google.co.region/...","...//google.com/..."}, region can be in or uk or any other, so how to take that region into consideration if I'm using orddict as keystore ?
But I'm not sure how to actually implement this in erlang or whether my proposed solution will work properly ?
I'm doing this for my messenger app, so whenever user enters URL, it doesn't show preview of URL where my server is located, instead atleast show it in english.(as per now ,for facebook, my app shows preview in russian)
There's built-in regex module in Erlang: http://erlang.org/doc/man/re.html
As for your solution, it really feels like a crutch for functionality better achieved with smart networking. Or you can try making requests for a preview on client's side, not server, for example.
In a web app, if a user is allowed to signup via Google, Facebook or Twitter and if the username of a user is formed in the following manner:
if authenticated with Twitter - take Twitter nickname;
if authenticated with Google or Facebook - take the part of the email before the # sign
and if I want to use a regular expression for the format of the username, basically I need something like:
/\A(twitter_pattern|google_pattern|facebook_pattern)\z/
where
twitter_pattern is the pattern, used by Twitter to validate nicknames;
google_pattern is the pattern, used by Google to validate the part of the email before #.
facebook_pattern - the pattern Facebook uses to validate the part of the email before #.
In this regard I have two questions:
How do I find out the exact regex patterns, that each of these providers uses?
How am I supposed to keep this in sync? Am I supposed to check regularly, that they have not changed these patterns at some point?
Does Facebook support Google's ajax crawling specification and, if so, what do you need to do to implement it?
I am trying to get the Facebook "Like" button to work with AJAX crawlable urls as defined here: code.google.com/web/ajaxcrawling/docs/specification.html
I have this url which I can go to directly and it loads. Note the "#!" in the url:
http://www.idkshouldi.com/?#!idkDetails_idkKey=agppZGtzaG91bGRpcmMLEiljb21faWRrc2hvdWxkaV93ZWJfc2VydmVyX2dhZV9vYmpfSWRrVXNlciIDamltDAsSKWNvbV9pZGtzaG91bGRpX3dlYl9zZXJ2ZXJfZ2FlX29ial9JZGtJdGVtGN6kBgw
When I "Like" this page it should crawl this "escaped fragment" url:
http://www.idkshouldi.com/?_escaped_fragment_=idkDetails_idkKey=agppZGtzaG91bGRpcmMLEiljb21faWRrc2hvdWxkaV93ZWJfc2VydmVyX2dhZV9vYmpfSWRrVXNlciIDamltDAsSKWNvbV9pZGtzaG91bGRpX3dlYl9zZXJ2ZXJfZ2FlX29ial9JZGtJdGVtGN6kBgw
Why won't it crawl this page? The Facebook linter is not properly crawling my page. If one uses the Facebook linter tool here: developers.facebook.com/tools/debug
It won't properly crawl an AJAX enabled URL with the "#!" in it. This is Google's specification. What Facebook's lint crawler needs to do is to replace the "#!" with "_escaped_fragment_". It doesn't appear to do that with my AJAX enabled links.
This is also a big problem for me, but unfortunately it appears Facebook does not support this Google URL notation. Facebook's crawler/parser does not translate from hash bang (#!) to an _escaped_fragment_ format URL.
Like you I have tested my page on Facebook's URL linter and it only picks up static Open Graph tags within the dynamic original page, rather than the page-specific Open Graph tags in the _escaped_fragment_ server-side variant of my page. Unfortunately, this means that Facebook sees my Open Graph tags as site-specific, rather than page specific.
It is rather an irony that this appears to be unsupported as Facebook uses this approach itself to allow Google's crawlers to pick up Facebook pages.
One potential workaround, that may help you a little bit, is:
1) Use your _escaped_fragment_ page version in Facebook links
2) Add an automatic redirect to your _escaped_fragment_ variant to the proper version.
This should mean that Facebook will pick up the proper meta tags, and the user will click the link and end up on the correct page. The downside of this approach is that the user has to know the rather ugly _escaped_fragment_ URL. In other words, it will probably only be you that knows it, unless you add some sort of 'generate shareable link' button to your page.
It is surely only a matter of time before Facebook adds support for this as single-page hash bang sites are only going to become more prevalent.
I have a page where user is asked only for the payment amount, then user will be redirected to another website where the payment will be processed, I want the amount to be set on the redirected page without using querystring,cokkie, etc..
I tried to use web service but here is my challange:
user enters amount on the website.
webservice is called and set the amount to ex:400$
then user is redirected without any query string to another website.
Now:
how this payment website will know that this user is the user entered 400$ on the redirecting page?
I can count on approaches more secure than this also.
thanks
I have made some research on net and asked my experienced friends, the answer is "impossible" this way.
Because redirected website somehow identify that user and there is no solution without querystrings or browser related components,
Here is my friend's advice and i am little bit satisfied, not totally :)
He calls this approach as ticketing,
First create a datetime.now integer, with that number add id and amount of money to be processed.
Then make a complex function to encrypt data. take square of every odd digit then divide to 7 etc.
then on the other website, decrypt data and check datetime if its within 5 minutes for example,
the link is valid.
You have to pass the data to the other website somehow.
Cookies wouldn't work due to domain restrictions.
Query string or form posts could work, but you don't want to use query strings.
Alternatively, if both sites share infrastructure, you could use that to share information - for example if they both have access to the same database, you could use that to share data (though you would still need to identify the specific user to both sites).
The way the service would have to work is to give back some token, probably a GUID, that the site will then look for in the querystring of an HTTP request, to identify the owner of that pre-populated data. You then tack that token onto your redirect, and the client makes a request that causes the payment site to go pull the pre-loaded data for that client.
You still have to use a query string, but now, the query string doesn't contain any human-consumable information; they can't identify their $400 amount in the query string and change it to a different amount of money. If they change the GUID at all, the request will most likely fail as that GUID won't exist in whatever datastore of pre-populated data exists behind the payment site.
Contact the website/web service/gateway. They will provide you the API which will define parameters and methods to accept payment amount. If you are the author of such service, provide mechanism to accept such parameters from your caller application. Communication should be secure, using SSL.
For example for payment gateway Paypal, check this for ideas:
Use of the PayPal payment system in ASP.NET
Have a look on wikipedia.
Shortly the answer is impossible this way, because somehow the redirect website should identify the user, all the ways are browser related or ip ( which can cause many issues later)