0

I've been researching and going in circles for the past few hours. Help would be much appreciated. My setup:

  • Mac OS
  • Django 2.0.2 (I use python manage.py runserver to work on localhost)
  • My app URL: http://localhost:8000/
  • Attempting to use Facebook Login / Facebook API to manage a page

I am just trying to log in to set up an access token - following the Javascript SDK which seems a straightforward path to logging in. However, on the console I get this error:

Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://

This seems to be well documented but the answers I am reading seem old. As of now, the product "Facebook Login" has a setting called "Enforce HTTPS" which cannot be changed (it is a "Yes") for the app I just created and want to test. So obviously it makes sense that I cannot do this without a HTTPS domain, although some posts say otherwise. This brings me to researching on how to get a secure https://localhost setting but this seems complex, and I'm hoping there is something I missed so I can focus on learning the Facebook Graph API.

My code is bare and just attempts to use the Javascript SDK to log in, and once I am past this I would use Python to manage it in a session. Feedback welcome.

<body>

    <!-- Facebook SDK: https://developers.facebook.com/docs/javascript/quickstart -->
    <script>
      window.fbAsyncInit = function() {
        FB.init({
          appId            : '**App ID here**',
          autoLogAppEvents : true,
          xfbml            : true,
          version          : 'v3.0',
          cookie           : true /* override setting */
        });

        /* testing login with alert */
            FB.getLoginStatus(function(response) {
              if (response.status === 'connected') {
                alert('logged in');
                console.log('Logged in.');
              }
              else {
                alert('NOT logged in');
                FB.login();
              }
            });
      };

      (function(d, s, id){
         var js, fjs = d.getElementsByTagName(s)[0];
         if (d.getElementById(id)) {return;}
         js = d.createElement(s); js.id = id;
         js.src = "https://connect.facebook.net/en_US/sdk.js";
         fjs.parentNode.insertBefore(js, fjs);
       }(document, 'script', 'facebook-jssdk'));
    </script>

Also, to get a token in HTTP, should I actually do this manually, as Facebook describes? https://developers.facebook.com/docs/facebook-login/manually-build-a-login-flow - I'm attempting this next but I'd really like any expertise shared on this forum! Thank you.

rishijd
  • 1,294
  • 4
  • 15
  • 32

1 Answers1

1

I am also facing the same issue, it seems there's no way to bypass SSL setup after hours of research (even for local development). Therefore I am going to setup up a HTTPS server too.

Here are some of the useful links I found:

Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://

Enable SSL in Apache (OSX)

Local SSL websites on macOS Sierra

How to set up stress-free SSL on an OS X development machine

Hope this helps :)

LouisTheTeemo
  • 218
  • 2
  • 7
  • Thanks a lot :) The links are very helpful, although the one I used was this because I'm using django - https://github.com/teddziuba/django-sslserver - super simple to set up, thanks to the comment from jdero on https://stackoverflow.com/questions/7610394/how-to-setup-ssl-on-a-local-django-server-to-test-a-facebook-app . It's good to hear that both of us are in the same boat, so at least this (HTTPS) is the only/correct way forward for people reading this post in the near future. – rishijd May 09 '18 at 18:01