Firebase Dynamic Links security - firebase

I’m using Firebase Dynamic Links in my app to share information between users (like a post ID).
The URL with the post ID is something like: https://myapp.web.app/opkzpeokzkpk12pokfze
The generated short dynamic link is: https://myapp.page.link/abcd
Everything works fine: when a user clicks on the dynamic link, we are able to decode the postId.
Now I’m receiving this email from Google:
We’re writing to let you know that your Firebase Dynamic Links (FDL) project(s) do not have configuration to prevent phishing. Please specify the allowed URLs that Dynamic Links in your projects can redirect to.
Specifying a URL allowlist prevents third parties from using your API key to create Dynamic Links that redirect from your FDL domain to sites not on the allowlist.
Can I use this?
Allowed domain : myapp.web.app
Regular expression preview : ^https{0,1}:\/\/myapp.web\.app([\/#\?].*){0,1}$
My app is used in production and I’m not sure about this change.
Can someone suggest whether this URL is correct, or which URLs I can use?
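One way to check an allowlist pattern before saving it on a production project, as an added example that is not part of the original post: it runs the regular expression from the preview above, plus an assumed stricter variant with the first dot escaped, over constructed sample URLs. It uses Python's `re`; the Firebase console's own regex engine may differ in edge cases.

```python
import re

# Pattern exactly as shown in the post's "Regular expression preview".
POSTED = r"^https{0,1}:\/\/myapp.web\.app([\/#\?].*){0,1}$"
# Assumed stricter variant: identical, except the dot after "myapp" is escaped.
STRICT = r"^https{0,1}:\/\/myapp\.web\.app([\/#\?].*){0,1}$"

# Constructed sample redirect targets; only myapp.web.app comes from the post.
SAMPLES = [
    "https://myapp.web.app/opkzpeokzkpk12pokfze",        # the app's deep link
    "http://myapp.web.app",                              # bare host, plain http
    "https://myapp.web.app#section",                     # fragment only
    "https://myapp.web.app:8443/post",                   # explicit port
    "https://myapp.web.app.example.net/login",           # allowed host as a prefix
    "https://myapp.web.app@example.net/",                # allowed host as userinfo
    "https://example.net/?next=https://myapp.web.app/",  # allowed host in the query
    "https://myapp-web.app/post",                        # differs at the unescaped dot
]


def allowed(pattern, url):
    """True if the allowlist pattern accepts the URL (the pattern has its own anchors)."""
    return re.search(pattern, url) is not None


def audit(pattern, urls=SAMPLES):
    """Map every sample URL to the allow/deny decision under one pattern."""
    return {url: allowed(pattern, url) for url in urls}


def differences(pattern_a, pattern_b, urls=SAMPLES):
    """URLs on which the two patterns disagree."""
    return [u for u in urls if allowed(pattern_a, u) != allowed(pattern_b, u)]


if __name__ == "__main__":
    posted, strict = audit(POSTED), audit(STRICT)
    for url in SAMPLES:
        print(f"posted={posted[url]!s:5} strict={strict[url]!s:5} {url}")
    print("patterns disagree on:", differences(POSTED, STRICT))
```

Both patterns accept the app's own links and reject URLs that only contain the allowed host as a prefix, userinfo or query value; they also reject an explicit port, which matters if any legitimate deep link uses one.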

Related

setting up customize action URL in firebase email template dynamically

I have two web applications sharing one Firebase project (auth, db, etc.). It all works well, but when users want to do a password reset, the email I can see in the Password reset template allows me to change the URL, but I don't want to be hard-specific on the URL, given that the password request might come from either application. Is there a way to let Firebase know which link to use, or possibly to set it from the code?
It is not possible to change it to a fully customized URL (like mywebapp1.com). The reason for that is that it won't be possible to check if the modified URL is a valid one.
You have 2 options:
You can get a custom domain like authApp.com and follow these steps in the documentation so you can have a more personalized experience for both apps.
You can create dedicated emails based on the app (the URL will stay the same) using action links; this will show a nice layer of customization to your emails based on the specific web app being used.

How long is the lifespan of a Firebase Dynamic Link created via API?

I have successfully created a dynamic link via Firebase using their API as listed here: https://firebase.google.com/docs/dynamic-links/rest#creating-a-short-dynamic-link. I was wondering what the lifespan of one of these "generated-on-the-fly" dynamic links is?
Dynamic Links have no time-to-live, and don't expire.
You can archive a link from the Firebase console, but that merely hides it and doesn't expire the existing link.
This reads like an XY problem though. Since dynamic links carry no authentication/authorization information, they are valid indefinitely. If any authentication is required to see the content that the link targets, you'd implement that in your app by requiring the user to authenticate/authorize after the link is resolved.
If the link target has become invalid in your app, you'll want to set up a redirect in your app - so that users who have the old link end up in a useful location too. This is essentially the same that you'd do with links on a web site: instead of letting the web server show a 404 page, it's better to set up redirects to the new location of the relevant content.

Can't Load URL | Connect SNAP Auto Poster Wordpress with Facebook Fanpage

I have a WordPress blog and I want to share my blog posts automatically on my Facebook Fanpage.
I'm using the NextScripts: Social Networks Auto-Poster plugin and inserted the App ID and App Secret (I've already registered at developers.facebook.com). But when I click Authorize Your Facebook Account, I get an error that says:
"Can't Load URL: The domain of this URL isn't included in the app's domains. To be able to load this URL, add all domains and subdomains of your app to the App Domains field in your app settings."
I've already searched for an answer on Google, but I'm still not able to fix it.
For example, I tried this in my developers.facebook.com account:
Use Strict Mode for Switch URIs => Turn off (but I cannot turn it off)
Insert https://www.example.com/auth/facebook/callback into Valid OAuth URI redirect (this did not solve my problem; I got another error: URL Blocked)
Is there any way to fix it? I only want to share my blog posts automatically to save time, that's all. Any help is much appreciated. Thank you.

Firebase dynamic link flagged as suspicious in gmail

Some Background
We have an app which requires user registration
When a user registers, we send a confirmation email
The email contains a Firebase Dynamic Link to a web page and is caught by the app if it's installed
Since the final link contains a unique confirmation token, we generate a dynamic link each time using the Firebase dynamic link REST API
The generated dynamic link is something like this: https://{domain}.app.goo.gl/{randomChars}
The final link points to our domain, which is using HTTPS
The Problem
When I try to open that link in Gmail (both desktop and android), a pop-up appears that says:
Suspicious link
This link has been flagged as suspicious. Are you sure you want to proceed to {domain}.app.goo.gl?
Notes
It's weird that the top-level domain is from Google, and it's flagged as suspicious
The email contains other links, e.g. to the home page, YouTube, Instagram and Facebook, and those open without any issue (all of them are HTTPS)
We're using Rackspace/Mailgun to send emails
Any insights will be really useful.
Edit:
I checked both domains ({domain}.app.goo.gl and ours) in MX Toolbox and no blacklist was found.
Dynamic links now use page.link instead of app.goo.gl. The latter url has been deprecated.
See https://firebase.google.com/docs/dynamic-links/create-manually

Google Calendar API Credentials for WordPress Plugin

I am having some trouble figuring out how I can let users set their API credentials to get read-only data from the Google Calendar API.
I have it set up to use OAuth to allow a fallback. It allows the user to click for an access key to copy over and save.
However, I am finding an issue when I try to make it so users can enter their own API settings.
I tried the same method I used for the fallback, but even if they enter those credentials in they would still need to authenticate it with an access key.
So I guess my question is how can I just include a simple API key to be saved and used to get the data?
I haven't been able to find very many resources or documentation on this so even pointing me in the right direction will be very helpful.
Thanks!
EDIT:
So here is a link to the part of the Calendar API I need to use: https://developers.google.com/google-apps/calendar/v3/reference/events/list
And if you compare it to the top of the page of this API page: https://developers.google.com/google-apps/calendar/v3/reference/events/delete
You will see the delete specifies that it requires Authorization, but the List does not. All I need is the list but when I have tried to connect with it without any authorization it does not work. Am I missing something?
If the data is not public, the users will have to authenticate with Google and enter the access code on your plugin configuration. Google Analytics for WP does this, check its source.
I don't see the problem with having the users authenticate, but one alternative is to add support for a service account, like the Google Drive WP Media does. In this case users of your plugin will enter the service account email and upload the private key file (I'm not sure if the Drive WP plugin implements it in a secure way).
