I just switched to a new host, changed all the information on my Facebook application settings page, and added the Open Graph namespace URL to my HTML element. What's the deal? On my old domain it was working and both accounts are subdomains. The difference between mine and other complaints of similar issues is that likes are not going through for me. Please help. Thanks.
This is Facebook's anti-spam measure. It will go away once people have started like-ing it.
See Facebook Like without Confirm?
This is Facebook's anti-spam measure and It will go away once people have started like-ing it.
One note to people seeing this issue. Majority of the time when you see this and you KNOW you're not phishing for likes, it's mostly likely because your QA team has liked and unliked content multiple times and short amount of time. This behavior sets off facebook's spam flags and thus adds the confirm button.
Hope that helps.
Related
I am using Mailparser to scrape a booking email, then use Zapier to create a booking in our system.
In the email is a link to confirm the booking so am wanting to use the code action to click on the link or follow the link.
Nothing needs to be seen, just follow the link & allow the page to load. This confirms the reservation
I have attempted using python & JS to no avail.
Can you point me in the right direction?
Thanks for reading!
David here, from the Zapier Platform team.
When you click on a link and it opens in your browser, all that really is is a GET request. If the site you're trying to load is simple, then this can be accomplished with a Webhook by Zapier step that make the request to the provided URL.
The big issue that'll pop up is if the site is more complex. A browser loads and execute all the javascript on the page, which our GET request won't do. If the site uses javascript to confirm the reservation (not just the page loading itself), then this isn't going to work. If that's the case, it's a lot more involved. You'd probably need to make a CLI app and use a tool like PhantomJS that can load pages and everything in them. Note that I haven't tested that on the CLI and there's a chance it's incompatible with the way we run apps, so do a proof of concept before you really dive in.
Hope this helps. Let me know if you've got any other questions!
I assume it has something to do with this:
For me Google one Tap stopped working on all my sites that previously worked. I added API HTTP refer to restriction in console.developer.com, but I still get a warning message "The client origin is not permitted to use this API." any thoughts? If you go to the page https://www.wego.com/ you can see that Google one tap still works...
https://news.ycombinator.com/item?id=17044518#17045809
but Google YOLO stop working for everyone. I use it like many people for login and it just stop work.
My domain are obviously added on console.developers.google.com
Any ETA for fix this? Some information would be great for people who rely on it.
Google YOLO is not disabled. It is open to a small list of Google Partners.
The reason you were able to access it earlier was because it was open for a short period of time but the whitelist is now readded/enabled.
Reference:
https://twitter.com/sirdarckcat/status/994867137704587264
Google YOLO was put on whitelist after a client-side exploit became clear to google.
People could cover the login button of the prompt with something like a cookie consent (which we all know people automatically accept).
Therefor people could easily steal their gmail or other details due to this google decided to put it on whitelist and review the sites that are using this technology in order to ensure that they are using it as they should.
Google retroactively labeled One-Tap as a "closed beta".
https://developers.google.com/identity/one-tap/web
The beta test program for this API is currently closed. We are improving the API's cross-browser functionality and will provide updates here in the coming months.
The link for the entire project is currently 404, but the beta statement is visible on the wayback machine.
This might be a silly question which I'll delete if I realise, so if you are reading this then I didn't yet figure it out.
I have some software which is online (addressable) and available but it's a bit of a secret, so instead of just hitting my software when you come to my domain, you are shown a blog that I wrote and hidden within that blog is a link ;)
All well and good.
Now the problem is that users of my software always post screenshots which gives my 1/2 secret URL away. EEEEK yep! So I wanted to have the url be just the plain old normal domain, so as not to make things too easy for them hacky types :p
I have full control over everything here. Clientside / Server / Everything. Initially you hit some jsp and then the GWT app (inside of Tomcat) - you have to provide login details in the GWT app. So I have plenty of places to do this URL hiding / faking but any ideas to help would be great.
...and yes I'm posting this (perhaps isn't too dumb)!
Many thanks in advance.
You can use the javascript history.pushState() here
history.pushState({},"Some title here","/")
For example, on http://yourwebsite.com/secretlink.html, after the JS runs, the URL bar will show http://yourwebsite.com/ without having refreshed the page1. Note that if the user refreshes the page they will be taken to http://yourwebsite.com/ and not back to the secret link.
You can also do something like history.pushState({},"Some title here","/hidden.jsp"), so that if the user refreshes the page you can show them an error page that tells them to find the secret link and open it again.
1. If you pushState() some other domain than your own, a refresh will happen so this cannot be abused to phish sites
Include the inner page as an iFrame
We've got a number of content managed sites that use the same functionality. We added a site recently, and the Facebook like button is failing with an error on-click (following Facebook login):
This page is either disabled or not visible to the current user.
This only happens when the Facebook user isn't an administrator of the page, or of an application we've created for the page.
The site where this is failing is here: http://beachhousemilfordonsea.co.uk/
An example of a site that works (same code): http://monmouthash.co.uk/
The Facebook like code:
<fb:like href="http://beachhousemilfordonsea.co.uk/" width="380"></fb:like>
Actions already taken
I've checked with the FB Linter and there are a couple of Opengraph warnings that do need to be fixed (add a description, increase the image size) - but these are the same for all sites so should be affecting this (it's on the dev plan to get these rectified in the next release).
I've taken a look at the Facebook App we've got running on the problem page, and checked it against other working applications and the settings are the same as far as I can see, except there are missing options with this new application:
Encrypted access token (assume this is default, not changeable now)
Include recent activity stories
It doesn't feel like the application should have much of an impact on this though, as we use the application for the other functionality within the page (which is all working fine!).
I've searched for possible issues, and checked the more common ones:
There are no age/geographic restrictions
I've submitted 2 requests to Facebook in case the content is blocked, but no response or change
Any recommendations as to what else to try?
Thanks in advance,
Kev
P.S. I asked this question a week ago but it wasn't well formed - hopefully this is a better attempt, but if you need anything else please do let me know.
I've been working on this particular error for a week now, debugging different social buttons and narrowing it down to Facebook in general: every "Like" button I've implemented (HTML5, xfbml, etc.) triggers the same cross-domain scripting error. Basically, Facebook is triggering this error with every iFrame (like below) upon clicking "like":
Unsafe JavaScript attempt to access frame with URL http://mediacdn.disqus.com/1326940420/build/system/def.html#xdm_e=http%3A%2F%2Fwww.vancitybuzz.com&xdm_c=default4311&xdm_p=1& from frame with URL http://www.facebook.com/plugins/like.php?channel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31a0247d%26origin%3Dhttp%253A%252F%252Fwww.vancitybuzz.com%252Ff3c0eb7e0c%26relation%3Dparent.parent%26transport%3Dpostmessage&extended_social_context=false&href=http%3A%2F%2Fwww.vancitybuzz.com%2F2012%2F01%2Fchinese-new-year-events-2012-vancouver-richmond-burnaby%2F&layout=box_count&locale=en_US&node_type=link&sdk=joey&send=false&show_faces=false&width=90. Domains, protocols and ports must match.
Why this isn't a duplicate: the issue occurs even in the absence of the twitter button and google+ button. it also occurs in every implementation of the "like" button. the symptoms point to a new issue.
Methods attempted: I've tried multiple "versions" of the Like button all with the same issue. It's even conflicting with DISQUS.
Suspects: Pages that do not have any DISQUS code are functioning normally. This variable (output by DISQUS wordpress plugin) is suspect:
var facebookXdReceiverPath = 'http://www.vancitybuzz.com/wp-content/plugins/disqus-comment-system/xd_receiver.htm';
In addition, javascript output by Facebook is also suspect.
See it yourself: Go to http://www.vancitybuzz.com/2012/01/research-in-motion-ceos-resign/ it's likely to change, though.
The Question
Given the information here, does anyone know of a workaround to force out the cross-domain error? Many thanks.
After multiple people have looked into this, including myself, currently there is no workaround for cross-domain errors because Facebook uses iFrames for communication.
This would also apply to the Google Plus button as it stands today.
However, the future looks bright. Google devs (and likely Facebook, too) have confirmed they are working on a new solution.
In the meantime, some people have reported that using Facebook and other widget plugins seem to alleviate the problem in Wordpress-structured sites. No guarantees.
http://mashable.com/2010/05/07/wordpress-facebook-like-buttons/
The Future: I wouldn't be surprised if websockets (and flash ws fallbacks) are used, but I'll leave that to the platform devs