We've been successfully using passwordless authentication for the last half year on a web app hosted on Firebase's hosting:
AngularFireAuth.auth.sendSignInLinkToEmail
Yesterday afternoon, we all of a sudden start seeing "Domain not whitelisted by project" exceptions when sending the link. The domain is and has been whitelisted all this time. The actual message is:
Xr {code: "auth/unauthorized-continue-uri", message: "Domain not
whitelisted by project"}
Customers are completely locked out of their accounts and I have no idea how to fix this.
Help!!!
I fixed it but am still not sure exactly how I got into this situation. I read a post that indicated a sha key problem caused the same error message for someone after updating some tools. So I:
Removed, cleaned, and reinstalled angular (as well as all other tools)
Rolled back my (very innocuous) code changes
Built and re-deployed and it was fine.
Re-introduced my code changes, built and re-deployed and that was fine
Wish I knew exactly what I did to get there, but at least I found a way out.
Related
I'm making a "new tab" page just for fun and to learn.
I want to add the user name (if the user is logged in) to a element. I have no idea on how to do this
I'm not asking you to do my work, but to guide me and help me with some documentation.
EDIT: It is a chrome extension
Question could use a little more information BUT — Login / Logout Authentication for users is generally a bigger job than you would at first think.
Coming from a freelance web / app development background I generally consider an authenticated web app at least twice as complicated as the unauthenticated version of the same functionality.
You mentioned new tab landing page so probably you are going to be heavy into these docs on Chrome extension authentication:
https://developer.chrome.com/apps/app_identity
Here is a little bit more on Chrome app authentication: https://developer.chrome.com/apps/identity
From the above Chrome docs the steps your app needs to perform are:
Add permissions to your manifest and upload your app.
Copy key in the installed manifest.json to your source manifest, so that your application ID will stay constant during development.
Get an OAuth2 client ID for your Chrome App.
Update your manifest to include the client ID and scopes.
Get the authentication token.
There are some great resources already on stackoverflow relating to chrome extension authentication, specifically this one:
chrome.identity User Authentication in a Chrome Extension
It looks like there are also others working on this same problem:
https://gist.github.com/raineorshine/970b60902c9e6e04f71d
Hopefully that gets you headed the right direction. Welcome to stackoverflow!
I have a Firebase app and have started playing around with the quickstart examples. I have created apps in Facebook, Google and Twitter and filled in the necessary clientId/secret information.
When testing the example pages facebook-credentials.html and google-credentials.html, everything works fine.
I am using Firebase 3.6.4 JS also.
When trying out the facebook-popup.html and facebook-redirect.html, and in fact the popup/redirect examples for Google and Twitter, I always get the following error in the Javascript console:
firebase.js:191 Uncaught Error: Network Error
at firebase.js:191
(anonymous) # firebase.js:191
This seems to happen fairly quickly, but the HTTP request is still pending. After maybe 30 seconds, I then get another message in the console:
GET https://XXXXXXX.firebaseapp.com/__/auth/iframe?apiKey=YYYYYYY&appName=%5BDEFAULT%5D&v=3.6.4&usegapi=1&jsh=m%3B%2F_%2Fscs%2Fapps-static%2F_%2Fjs%2Fk%3Doz.gapi.en_GB.1grkUO4uZ2s.O%2Fm%3D__features__%2Fam%3DAQ%2Frt%3Dj%2Fd%3D1%2Frs%3DAGLTcCMXwBvX3_duAb3Vw22ujByEbXKdJA net::ERR_TIMED_OUT
(note I have masked out my application name as XXXXXXX and API key as YYYYYYY).
Does anyone know why this is happening?
I really want to get Twitter working, but there is no twitter-credentials method, so I'll need to get the popup or redirect working.
It appears that this was a lower level issue on my PC. I haven't gotten to the bottom of it yet but the Twitter examples work on another PC. At this point I am thinking it might be my antivirus or Firewall, so I am closing this topic.
I think you're also being blocked. My application quit working, and another one that was using firebase also quit working, so we called IT. There was new security software blocking the network request. Similar errors, blank popup, that's how I ended up here.
So I'm building a Phonegap app and I need to access Youtube's Data API. I managed to access the simple API (The one that requires an API key) yet I'm having trouble connecting with OAuth.
I did everything the walkthrough guides told me to do, I have generated a Client ID for Web application from https://console.developers.google.com.
I'm using the auth.js file from their example at the google developers website
The main issue is that every time I try to log in, I get this error:
Refused to display
'https://accounts.google.com/o/oauth2/auth?client_id=' in
a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I tried clearing my cookies but to no avail.
I run this on localhost with Visual Studio, maybe this has something to do with that?
Ok, so after spending some time on it I finally figured out what the problem was.
On https://console.developers.google.com when I created my OAuth 2.0 client ID there was the "Authorized JavaScript origins" field which I left blank. Since I was running it from my localhost, I added http://localhost:28299 to the list of safe origins and everything worked fine.
Of course this is just for the development phase.
I have a Chrome Extension, Requestly which allows you manipulate HTTP Requests. 3-4 Users have faced an issue where Searching in Omnibox is Crashing the Google Search Results Page while rest of the pages work fine.
Please have a look at this Gif for more understanding.
Issue seems to be resolved by couple of ways:
Export Rules, Delete Rules, Restart Browser, Import Rules
Simply Restart Browser
Clearing Cache
This issue is reproducible on Ubuntu 14, Windows 8.1 Chrome 42. I have Ubuntu 12.10 Chrome 42 and I never saw this issue.
Here is the background.js code on Github. I am just wondering the cause of issue. I have used the following in my code
chrome.storage.sync
chrome.webRequest.onBeforeRequest (Blocking Option)
chrome.webRequest.onBeforeSendHeaders (Blocking Option)
I have observed another Chrome Extension, Scritsafe is facing the same issue. Details mentioned in this thread but the users are still not able to completely get rid of this bug.
One of the kind and helpful user gave me this information by enable logging while launching Chrome but I am not sure if these logs are helpful. These are the logs:
[13753:13788:0515/203052:WARNING:spdy_session.cc(2373)] Received HEADERS for invalid stream 7
[13753:13788:0515/203052:WARNING:spdy_session.cc(2373)] Received HEADERS for invalid stream 11
[133,3746404608:17:30:52.858104] Native Client module will be loaded at base address 0x0000702d00000000
[13753:13788:0515/203058:WARNING:spdy_session.cc(2373)] Received HEADERS for invalid stream 17
[13753:13788:0515/203210:WARNING:spdy_session.cc(2373)] Received HEADERS for invalid stream 55
[13791:13791:0515/173212:WARNING:ipc_message_attachment_set.cc(37)] MessageAttachmentSet destroyed with unconsumed descriptors: 0/1
Main problem is I am not able to manifest this on my machine. If I am able to manifest this, I would certainly try some random things and figure this out.
I have done enough Google Research. Now How should I approach to fix this issue ?
Edit:
Clone of this question is also available in Google Chrome Extension Forum. Simon Knott has also faced the same problem/bug.
He mentioned to avoid blocking all requests (Avoid especially XHR).
I am using valums ajax-upload together with a ashx handler to let users upload files in the webapp Im developing. All is working absolutely fine for about 95% (around 3000) of the users.
For the last about 5% I get reports that the upload never finish, the wheel just keeps spinning people say. It seems that those who get this error are all are using IE9.0.
I have tested on all the IE9.0 I can come across but still have not been able to reproduce the error. I also have tried to log all thinkable errors but still no luck.
Please, can anyone reproduce the problem and hopefully give me a JavaScript console error transcript if any. To test go to step 2 (Upload section) and try to upload a small text file:
https://jobmatchprofile.com/backend/login.aspx?auto_login=24G3FY
UPDATE
I have been in contact with a user who experienced this problem. The error message can be seen here. It is in danish and says: "SCRIPT5 Access denied".
Error message
What is strange is that the user had same IE version as is working for others (me for example): I have been testing on: 9.0.8112.16421 and also ran WIN7 (as I). The Product-id differs however and he had a danish version where I have the US version.
UPDATE II
I was finally able to reproduce this error. I know this sounds a little strange, but belive me it is true: when opening the page via a link sent to my gmail account I get the same error. The user from first Update also used gmail to open the page.
Your reference to Gmail, specifically, points in the direction of a solution: Gmail strips the referrer data from the HTTP headers when you click on a link within an e-mail, except when you use your right mouse button and select "Open in New Tab [or Window]", presumably because this prevents their code from intercepting the headers. Is your script checking for a valid HTTP REFERRER, by any chance?
Are you making any cross-(sub)domain or cross-protocol AJAX calls? If so, then you may have to proxy the request(s). Consider the following solutions from the Yahoo! Developer Network:
http://developer.yahoo.com/javascript/howto-proxy.html
See also:
SCRIPT5: Access is denied in IE9 on xmlhttprequest
Access denied to jQuery script on IE
"Access is denied" JavaScript error when trying to access the document object of a programmatically-created <iframe> (IE-only)
(Un)fortunately, I wasn't able to reproduce the error in IE9, v. 9.0.8112.16421 (although I did get a general on-site error when trying to upload an empty .txt file, but this seems wholly unrelated).
The solution for ie9 is simply to upload using https:
https://www.parse.com/questions/internet-explorer-and-the-javascript-sdk
Even though you are sure that it's related to the user clicking the anchor within the email I would say it's because of policy settings within Internet Explorer. I have seen errors like these before and noticed that the most common errors were related to Internet Explorer policies of users within a corporate environment.