1

I'm using Django, and want to make Facebook login with django-allauth.

I made Facebook login with few time, and tested it with localhost.

But I found out that FB login require https after 2018 march, so when I login fb in local runserver, it gives error like Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://.

Is there any way to test fb login in localhost?

David Buck
  • 3,752
  • 35
  • 31
  • 35
seuling
  • 2,850
  • 1
  • 13
  • 22
  • you might want to look at this [here](https://stackoverflow.com/questions/2459728/how-to-test-facebook-connect-locally) – Rhythm Shahriar May 17 '18 at 02:51
  • Thanks, but it's about the url. I'm talking about http/https. FB restricts only https now, but it's impossible in localhost right? (even if I change the localhost url name) – seuling May 17 '18 at 02:56
  • 1
    no its not possible now..but you can try https://ngrok.com/. only problem here is the domain gets changed every time you reconnect. unless you get a premium account – Rhythm Shahriar May 17 '18 at 04:07
  • Oh thanks! It's pretty useful for dev environment. thankyou! – seuling May 17 '18 at 04:50
  • All you need to do, is set up your localhost for HTTPS. You can use a self-signed certificate - all the relevant stuff regarding login happens inside your browser, so it doesn’t have to be a fully “valid” setup, you’ll just have to make your browser accept the certificate, resp click through the warnings. – CBroe May 17 '18 at 06:51

1 Answers1

1

You can just use a real subdomain like dev.yourdomain.com and point its DNS to 127.0.0.1 (or can use lvh.me domain since it also point to 127.0.0.1 - but if you trust them all the time)

Then you need a layer to handle HTTPS in local for https://dev.yourdomain.com. I recommend https://caddyserver.com/

With a very simple config like this then Caddy can use its self-signed SSL cert (checkout Caddy docs to get the detail)

dev.yourdomain.com:443 {
    tls self_signed
    proxy / localhost:8080
}

Then you can open https://dev.yourdomain.com in some browsers like Firefox, Safari, Brave, etc. (I think Chrome blocked self-signed SSL site by default)

UPDATE I create a note here with more detail

https://gist.github.com/ralavay/5d74d35859f87d22c74984488f20186c

David Buck
  • 3,752
  • 35
  • 31
  • 35
neo0
  • 592
  • 3
  • 10
  • 18