不安全的登录被阻止:您无法从不安全的页面获取访问令牌或登录此应用程序。尝试将页面重新加载为https:// [英] Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://
问题描述
我正在通过使用href将Facebook身份验证API路由链接到按钮来实现Passport Facebook身份验证:
I am implementing Passport Facebook Authentication by linking the Facebook Authentication API route to a button using href like:
<a href="auth/facebook">Facebook Login</a>
当我点击按钮时,它会重定向到Facebook身份验证页面。但是在页面上,会显示一条错误消息,提示 不安全登录被阻止:您无法获取访问令牌或从不安全的页面登录此应用程序。尝试重新加载页面为https://
When I click on the button, it redirects to the Facebook Authentication page. But on the page, an error message is displayed saying something like "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://"
如何解决此问题?
推荐答案
令人惊讶的是,我刚刚开始尝试像一小时前那样做同样的事情并且一直有同样的问题。如果您进入FB开发人员门户并转到 Facebook登录下的设置,则可以选择强制使用HTTPS。
Amazingly I just started trying to do the same thing like an hour ago and have been having the same issue. If you go into the FB developer portal and go to Settings under Facebook Login there's an option to Enforce HTTPS.
进一步调查显示:
强制使用HTTPS。此设置需要使用HTTPS进行OAuth重定向,并且页面需要使用JavaScript SDK访问令牌。截至2018年3月创建的所有新应用都默认启用此设置,您应该计划将任何现有应用迁移到仅使用截至2019年3月的HTTPS URL。大多数主要的云应用程序主机为您的应用程序提供免费和自动的TLS证书配置。如果您自行托管您的应用程序或您的托管服务默认不提供HTTPS,您可以获得免费证书来自Let's Encrypt的域名。
"Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt."
参考:登录安全
这篇关于不安全的登录被阻止:您无法从不安全的页面获取访问令牌或登录此应用程序。尝试将页面重新加载为https://的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
