I'm trying to upload my first website which consists of frontend(react) and backend(django).
So when I use it on development, all works just fine, it also works fine when I search for the IP of my VPS, but the problem comes when I try to login with the domain instead of the ip, for some reason the cookie isn't set after I login, but in with the IP it does, fyi both of them use the exact same backend and frontend.
Here is the web: website with domain and here is the one without domain/IP website without domain
It seems that if you visit the site using the domain name, the react backend is still pointing to the ip address. And because you have debug on I can see that your login url is something like <your-ip>/api/login, even though the login link should be domain.com/api/login.
Cookies only work for the domain you logged in from, so that's your ip. You need to configure react to change the url depending on the website's hostname.
Also you have some CORS problems because you API is on port 8080 instead of 80.
Related
I'm using Google's Java Client for server-side JWT authentication, along with their HTML snippet for the frontend. I'd like to do some testing locally to make sure my user flow works - but I'm not able to get my JWT from the frontend sign-in steps.
https://developers.google.com/identity/gsi/web/guides/display-button
I've entered my correct client ID, but I think it's upset that I used localhost:3000/login as the redirect route. Does anyone know how to set this up for local development?
[GSI_LOGGER]: The given origin is not allowed for the given client ID.
I tried to fetch my actual JWT using the Google Sign In HTML snippet. I expected this to work fine, since it's my actual google account and a legitimate client ID.
I have developed a website and deployed it via Google App Engine. But when I open the website with full url let's say "https://www.website.com" it opens but when I type "website.com" in url section of the browser it doesn't opens and says the site is not secure. How can I resolve this?
It looks like a couple of things are happening
If you just type in 'website.com', the browser will try to open 'http://website.com' (note there is no subdomain -www i.e. you are using the naked domain) unless you have done a redirection to 'www' in which case, you will get 'http://www.website.com'
If you have specified 'secure' always in your 'app.yaml' file, then GAE will redirect the 'http' to 'https'
It seems like
a) You have specified 'secure always' in your app.yaml file
b) You are not redirecting naked domain to sub-domain
c) You have mapped the sub domain, 'www' to your GAE appspot domain. You have not mapped the naked domain
Solution
Map both naked and subdomain (www) of your custom domain to your appspot.com urls
Enable SSL for both mappings
The browser will give you a not secure message but it will also allow you to "proceed with risk".
For example, take a look at this image:
chrome screenshot ssl warning
Click on Advanced >> Proceed to website name (unsafe). This will take you to the website.
Basically, the original problem is that your website is not redirecting to https when someone lands on the http page.
Follow this tutorial here to do so:
https://cloud.google.com/appengine/docs/standard/nodejs/application-security
Edit 1
I have just read your question again. I think your website does redirect from http to https but the problem is that the SSL certificate attached to this website is invalid. You need to have a good SSL certificate; one which has not expired.
Sorry that my question might be repetitive but none of the solutions provided in other links have resolved my issue. Below is my situation
We have ASP.NET Core 3.1 Web application to which we are trying to use Azure AD so that users can login with our Enterprise Credentials. We started with ASP.CRORE MVC default template and enabled to Use Organization credentials and Authentication is working in our Local environment. We are now trying to deploy this app to other internal environments. So we have deployed this to two of our internal servers and configured IIS to refer this website with http IP's assigned. I was able to create Azure App registry for this application and was able to add the http IP's through Manifest, added the clientId to the appsettings.json file and the authentication is working if we refer the website using the http IP's. I have also tried by assigning https IP's assigned to the same websites and added them to Azure App Registry and again the authentication is still working if we refer the website with either of the 2 https IP's.
Now we have decided to create URL something like https://ourwebsitename.companyname.com which resolves to either of the http IP's using F5 Load balancer. I was able to add the URL to the azure app registry and using the same clientId in appsettings.json in the same way how the app is working with http or https IPs. But somehow when we refer the website URL
https://ourwebsitename.companyname.com we are getting the error as mentioned in the title of the question and I did observed after I hit the URL, its getting redirected as redirect_uri=httpXXXX instead of https which I thought may be the reason of the issue but unable to resolve. I have googled it and tried with various solutions but none resolved and so I am posing it again hoping for a luck if someone can provide me a solution.
Following are the links which appeared close to my situation but didn't work for me
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-5.0
https://github.com/AzureAD/microsoft-identity-web/issues/115
Thanks in advance.
I looked at the sample you provided, and it does not provide the redirect_ url key in appsettings.json. So, based on my experience, it should have a built-in redirect_ url. Otherwise, the aadsts50011 error will not be reported.
To deal with this kind of problem, you can try a general solution:
When you visit the application url , you will be redirected to the login page. Decode the authorization request url, you will find redirect_url, copy the value of redirect_url and paste it into the azure portal, and try again.
For the redirect URL, it should start with https, if you need to start with http, you must configure it as http://localhost.
I recently purchased a domain with Yahoo Domains for my GAE app. Where I managed to get the domain mapped into my GAE account.
Now, since GAE does not support naked domains, I just placed the CNAME for www to point to Google App Engine.
Everything works fine now, i.e. my app can be accessed through http://www.my-example-domain.com
The problem is with naked domain (with Yahoo), I am trying to forward the naked domain http://my-example-domain.com to http://www.my-example-domain.com however, the domain manager is complaining that the forward is not possible.
What could be the problem that forward is not possible? Also, is there a way to solve this in GAE management console, since Yahoo domain manager seems to not able to handle this.
Hi Please try to do the following changes from your Google Apps Admin Console.
Go to this URL for Domain Management Settings in Google Apps Console.
Under the Domain Management. Click on change redirect and add www.example.com. Also check the attached screenshot for the same.
Also follow the instructions provided in the URL change A record below change redirect url.
After making these changes you will see the URL will get redirected automatically.
I have a cakephp app that I have to move to a new site. I am running the host of an IP without a domain name. My application after I login the user redirects to a localhost address. There is obviously nothing there, since the installation is on a remote machine. Anyone has any suggestions what I should look for?