Facebook: Insecure Login Blocked #117

Open
jayhoenes opened this issue Mar 16, 2018 · 9 comments

@jayhoenes

Worked for me on a different system first. Now, after setting up on a second system, this error appears.
Any ideas?

@bugos

bugos commented Mar 19, 2018

I solved it by enabling https for my node app.
I created an https certificate for my server using the manual method from https://certbot.eff.org/docs/using.html#webroot
We will need the files fullchain.pem and privkey.pem:

Edit index.js file of the app adding lines

var https=require('https');
var fs = require('fs');

in the start of the file
and

const options= {
        cert: fs.readFileSync('/etc/letsencrypt/live/mydomain/fullchain.pem'),
        key: fs.readFileSync('/etc/letsencrypt/live/mydomain/privkey.pem')
};
https.createServer(options, app).listen(3004)

in the end

@Lukaszm94

@bugos could you please provide a bit more info on how to obtain the certificate?
I tried running

certbot certonly --manual

but I don't know what domain name I should type in (as I'm running the application on localhost).
Can you give a bit more guidance on this issue?
Thanks in advance :)

@bugos

bugos commented Mar 19, 2018

If you are running on localhost, I don't think you can request a valid certificate, since you don't have a domain name. Check this answer, where there is a link on how to generate a self-signed certificate, and use that.

I think you will have to use Firefox to be able to bypass the "invalid certificate" warning that you are going to get because of the self-signed certificate (google it for more details).

@Lukaszm94

Thanks :) I managed to get the certificate using these instructions: https://www.akadia.com/services/ssh_test_certificate.html
One important piece of info: to enter the website one should use the link https://localhost:3004 (not 3000).
Thanks again.

@Lukaszm94

@bugos, maybe you can help me with one more question? :)
I set up the application on Raspberry Pi Zero W (running Raspbian). I am able to access the page with plots via browser running on RPi. But when I enter the website from my PC (via link https://192.168.0.x:3004) and press "Log in" I get an error from Facebook:
Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings.
I tried adding RPi's IP to App Domains, but Facebook won't allow that :/
Is there any way to access the website (plots) from a computer other than the one running the application (in the local network)?

@bugos

bugos commented Mar 20, 2018

@Lukaszm94, I tried adding an IP in my Facebook Client OAuth Settings and it did accept it. It also accepted it in the Advanced Settings->Domain manager list, after I unchecked the JS/CSS Prefetch option.

If that doesn't work you can also try one of the options from here https://superuser.com/questions/1113845/how-to-give-a-domain-name-to-a-local-ip. The simplest is option three where you would add a line like 192.168.0.x my-raspberry.net in your hosts file.

@fmamf

fmamf commented Mar 23, 2018

@Lukaszm94 Can you please share how you solved the issue in detail?

@Lukaszm94

Apart from the steps mentioned in the README, I modified index.js just like bugos pointed out, but changed the certificate and key paths to relative ones (and I also changed the extension):

cert: fs.readFileSync('server.crt'),
key: fs.readFileSync('server.key')

Then I generated key and certificate using steps 1 to 4 from this tutorial: https://www.akadia.com/services/ssh_test_certificate.html
(I ran the commands in project 'root' directory (i.e. where index.js and other files are)).
On Facebook App Settings I set App Domains to localhost and added Website with Site URL http://localhost:3000 (I'm not sure if it's necessary).
Then, after starting the scraper and webserver, I enter the site by going to https://localhost:3004

BTW I ran those steps on Ubuntu 16 and Raspbian Lite.

@bugos Thanks, I haven't had time to try your advice, maybe this weekend I'll have some time (hopefully) :)
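
Added example, not part of the thread or of the project's code: one way to produce the server.key / server.crt pair discussed above for local testing so that the certificate's subjectAltName covers every name typed into the browser (current browsers match on SAN, not on the CN), and to check the pair before pointing index.js at it. It assumes OpenSSL 1.1.1 or newer; the function names and the address 192.168.0.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Host names and the IP are sample values.

# make_dev_cert DIR NAME...  -> DIR/server.key, DIR/server.crt (self-signed, 30 days)
make_dev_cert() {
    dir=$1; shift
    san=""
    for name in "$@"; do
        case $name in
            *[!0-9.]*) san="${san:+$san,}DNS:$name" ;;  # host name
            *)         san="${san:+$san,}IP:$name" ;;   # IPv4 literal
        esac
    done
    (
        umask 077  # private key must not be readable by group/other
        openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$1" -addext "subjectAltName=$san" \
            -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    )
}

# check_dev_cert DIR NAME -> 0 if the pair in DIR is usable for https://NAME
check_dev_cert() {
    dir=$1; name=$2
    # 1. key file permissions: owner only
    case $(ls -l "$dir/server.key") in
        -???------*) ;;
        *) echo "server.key is accessible to group/other" >&2; return 1 ;;
    esac
    # 2. certificate and key hold the same public key
    cert_pub=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$dir/server.key" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "key/cert mismatch" >&2; return 1; }
    # 3. certificate stays valid for at least one more day
    openssl x509 -in "$dir/server.crt" -noout -checkend 86400 >/dev/null || return 1
    # 4. the name typed into the browser is covered by a SAN entry
    case $name in
        *[!0-9.]*) opt=-checkhost ;;
        *)         opt=-checkip ;;
    esac
    openssl x509 -in "$dir/server.crt" -noout "$opt" "$name" |
        grep -q "does match certificate" || { echo "$name not in SAN" >&2; return 1; }
}
```

For example, `make_dev_cert . localhost my-raspberry.net 192.168.0.10` followed by `check_dev_cert . my-raspberry.net`, run in the directory that holds index.js.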

@pretech86

I did all the steps but it is still not working. Can you help me, please?
