I am building a Facebook app using Django. So, for development, I connected the app to localhost. My app is loading on canvas and working fine but the Facebook debugger is unable to test it correctly when I give localhost address as input.
These are the requests I tried in debugger
http://localhost
https://localhost/
http://127.0.0.1/
localhost
etc
Almost for all possible combinations.. It showed me
Error Parsing URL: Error parsing input URL, no data was scraped.
When I deployed the same code on heroku and tried.. It was working!
So,
Can't I debug the project on localhost? What's the point in working on it then??
If I can work, how should I fix it?
Can't I debug the project on localhost? What's the point in working on it then??
You can debug your code etc. on localhost – but of course you can’t have Facebook’s debug tool reach a site on your localhost, because Facebook (and everyone else on the web) does have no idea what machine your localhost actually is. (Absolute bascis, dude!)
If I can work, how should I fix it?
You have to make your web server accessible from the “outside”, over the internet.
Set up your test server so that it accepts requests from outside IPs, and get a DynDNS address (basically something that can be resolved by third parties like Facebook over the DNS).
You can access Facebook apps locally but you need to fake the domain of your local computer. You can do this by adding
127.0.0.1 mysite.test.example.com
to /etc/hosts. You should update mysite.test.example.com to your domain. Your Facebook app needs to be configured for that domain. You can then use the Facebook app locally and debug your project.
The alternative is to setup up a web server and use its domain for testing purposes (but this is not ideal because you'll need to commit and build the code before you can see your changes).
Related
I'm new to burp suite and I'm getting lot of errors with it, one of the errors are this. When I'm trying to access web pages (ex:- google.com, hackerone etc.) it just never load in the web page( Intercept is off) and I'm using chrome. Please help me with this matter.
OS : Windows
Proxy : FoxyProxy(127.0.0.1 : 8080)
note : intercept is off when I'm browsing
Well I can't understand your problem but here are some points to keep in note while using Burpsuite.
Make sure CA Certificate is properly installed in browser
Add your target host to scope. For example if you are testing on xyz.com then add this host to scope so even if intercept in ON other host's requests will be ignored by interceptor.
Slow loading is might be your internet issue
Make sure your 8080 port is not blocked by any other service.
Try changing your browser incase of getting errors
Burpsuite will not work while having VPN or other proxy is ON
I am running a Django project with react redux (trying to implement authentication system) and the very weird thing i observed that my site is rendering properly when i use localhost:8000 or http://127.0.0.1:8000.
But when i m trying to login/signup (ie trying to send post request) then it working only when i use localhost:8000, and giving some error when using http://127.0.0.1:8000.
One of the error when using http://127.0.0.1:8000 is shown below.
However i have seen this and found localhost will often resolve to ::1, the IPv6 loopback address. But i am getting is it related to this or not ?
And whether localhost:8000 and http://127.0.0.1:8000 is same or not ?
Please try to answer in simple words because I have not much knowledge of internet protocol or networking.
This problem is because of CORS. You have to enable from outside your application.
This happens because django apps and generally all frameworks blocks requests outside your address.
You can read more about CORS here
I've been trying to figure this out for a while now and nothing I've found has really been helping.
I've got a remote Linux server running with Apache installed, and right now everything going to the server is redirected to HTTPS through Apache. This all works fine and I can access the files I need to normally, but now I'd like to also add in a Django site to my server under a new "subdomain". (For example I'd like to still be able to access non-Django files as usual 'https://www.thesite.com/path/to/file.php' and also be able to access the Django site like 'https://www.thesite.com/djangosite/some/site/page')
Could someone please give me some direction as to how I'd be able to do this? I can supply more information if it's needed.
Thanks in advance!
Edit 1: The Django server seems to dislike connecting via HTTPS and I'm getting an error that it can only support HTTP, but I need it because I want the site to be secure, and currently Apache is redirecting all HTTP requests to HTTPS, so do I need some other method of making it work?
https://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm
Check out SNI and also potentially wild card certificates
I am executing sample programm of wso2. I have installed wso2is on different machine and tomcat is on local machine. I have changed localhost:9443 to my ipaddress(eg 192.168.1.xxx) from travelocity.properties and avi.properties. But when I execute sample from click on login button it always redirecting me localhost and giving error.
I think you need to try the following,
While the tomcat is running,
Open the travelocity.war with an archive manager
Edit the travelocity.properties file,
update SAML2.IdPURL value
eg : SAML2.IdPURL=https://192.168.1.7:9443/samlsso
Save and update the travelocity.com web app
Restart the tomcat server just to be sure (You don't really have to do this since tomcat hot deploys once it detects a change)
I tried this locally and it redirected me to the IP address I put in SAML2.IdpURL. Clearly the problem seems to be a configuration error on the travelocity.com web app side :)
You need to change <HostName> and <MgtHostName> attributes at repository/conf/carbon.xml of your Identity Server with your IP address. By default they are set as localhost, so when logging it will be redirected to location specified there.
I have a web service running under IIS7 on a server with a host header set so that it receives requests made to http://myserver1.mydomain.com.
I've set Windows INtegrated Authentication to Enabled and everything else (basic, anonymous, etc) to Disabled.
I'm testing the web service using a powershell script, and it works fine when I run it from my workstation against http://myserver1.mydomain.com
However, when I run the same exact script on the IIS server itself, I get a 401-Unauthorized message.
In addition, I've tried installing the web service on a second server, myserver2.mydomain.com. Again I can call my test script fine from BOTH my workstation and from myserver1.
So it seems the only issue is when the client is on the same box as the web server itself - somehow the windows credentials are not being passed or recognized.
I tried playing with IE settings on myserver1 (checked and unchecked 'Enable Windows Integrated Authentication', and added the URL to Local Sites). That did not seem to have an effect.
When I look at the IIS logs, I see the 401 unauthorized line but very little other information.
I see basically the same behavior when testing with IE (v9) - works from my workstation but not when IE is running on the IIS server.
I found the answer after several hours:
By default, there is something called a LoopbackCheck which will reject windows authentication if the host header used for the site does not match the local host's name. This behavior will only be seen when the client is on the local host. The check is there to defeat possible reflection attacks.
More details here:
http://support.microsoft.com/kb/896861
The kb item discusses ways to disable the Loopback check, but I ended up just switching from using host headers to ports to distinguish the different sites on the IIS server.
Thanks to those who gave assistance.
Try checking the actual credential that is being passed when you are running on the server itself. Often times you will be running on some system account that doesn't have access to the resource in question.
For example, on your box your credentials are running as...
MYDOMAIN\MYNAME
and the server will be something like...
SYSTEM\SYSTEM_ACCOUNT
and so this will fail because 'SYSTEM\SYSTEM_ACCOUNT' doesn't have credentials.
If this is the case, you can fix the problem in one of two ways.
Give 'SYSTEM\SYSTEM_ACCOUNT' access to the resource in question. Most people would avoid this strategy due to security concerns (which is why the account has no access in the first place).
Impersonate, or change the credentials of the client manually to something that does have access to the resource, 'MYDOMAIN\MYNAME' for example. This is what most people would probably go with, including myself.