I'm having problems logging in
zimme opened this issue · comments
Don't know why. Tried to Revoke the apps access with Github and added it again but that didn't fix the login problem.
Do you see any errors in the console or somewhere?
It has to do with http vs https in the console error, protocols must match
I've registered http://autopublish.meteor.com/_oauth/github?close
as authorized callback url...
There's no https involved!
What do you get as error, precisely?
Aah, the problem was I was accessing autopublish from https://autopublish.meteor.com
and then you had http://autopublish.meteor.com registered as a callback url.
maybe you can use //autopublish.meteor.com to support both protocols?
It works fine on http://autopublish.meteor.com
Uncaught SecurityError: Blocked a frame with origin "http://autopublish.meteor.com" from accessing a frame with origin "https://autopublish.meteor.com".
The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https".
Protocols must match.
storeAndClose github:23
onload github:44
No, I cannot specify //autopublish.meteor.com
:-(
Ok, is it possible to set callback url without protocol?
'autoform.meteor.com/blablabla' ?
Or maybe build the callback url dynamically and insert whichever protocol is currently in use?
Answers:
- No! Github asks explicitely for the protocol...
- No! This is stuff internal to the oauth package from the core meteor packages...
:'(
How about redirecting http to https and use https for everything until a proper solution to this can be found?
any known best practice to do so?
https://atmospherejs.com/meteor/force-ssl maybe?
This should force insecure connections to be redirected to https
You would also need to update the github login url thing to https so we don't get the error I got. 👍
I'll have a look!
tnx a lot
just re-deployed with force-ssl
and it seems to work for me.
@zimme, could you confirm it's fine on your side too?
👍 I get redirected from http to https and login with github works as expected.
great!
thanks a lot
We had to switch back to http to keep existing hooks working!
This will need some more love in a near future... :(
See also #16