Linkedin profile image url giving access denied - linkedin

I have used Spring social for integration with linkedin.
When the integration completes we save the users profile image which has below url:
https://media.licdn.com/dms/image/C5603AQHQ0C7xKhQehg/profile-displayphoto-shrink_100_100/0?e=1527508800&v=alpha&t=vkxX_3Uw7qe8d_9ZSqPwQGpwa6nfUmkzMgEKtMdgf1g
But this url is giving access denied error. Is there something I am missing?

This may help, As per https://developer.linkedin.com/docs/ref/v2/media-migration,
The new id will be dynamic and can change from time to time. We recommend retrieving at least once every 60 days to update your media-typed URN.
This could be one of the issue which you might be facing.
In order to fix this, I save the image, the moment it is received on to personal storage(AWS S3).

I looked at the URL of my picture of my In Public profile and the one returned from the API.
The picture URL in the XML returned after the ? for params v and t had &amp ; instead of &:
e.g.
https://media.licdn.com/.../profile-displayphoto-shrink_200_200/0?e=152800"&amp";v=beta"&amp";t=LJTrw_oj9npH06X1u0HjQ
Replacing it with something like:
pictureURL = pictureURL.replaceAll("&amp ;","&");
fixed the issue for me.
Hope this helps
Note that there is an extra space between &amp and ;. It would have formatted otherwise.

Related

LinkedIn sharing SHARE_URL#HASH URL Param

I am faced with a LinkedIn sharing issue.
This issue probably reproducible from March 1st 2019.
I share some url e.g. https://www.linkedin.com/sharing/share-offsite/?url=SHARE_URL#HASH
Worked before: link in post(href) - SHARE_URL#HASH
Works now: link in post(href) - value of og:url meta tag from SHARE_URL#HASH page
So we lose request parameters in SHARE_URL and #HASH
How we can pass link for LinkedIn post into request?
You need to do URL-encoding with parameters you are feeding to another URL. So, this is what you should want...
https://www.linkedin.com/sharing/share-offsite/?url=SHARE_URL%23HASH
Remember, URL's use things like ? and # to indicate a special argument occurring after this character. So, for instance, example.com/share.php?title=thisistitleright?&..., how would the browser know that the first ? indicates the GET param and the second ? is a part of the title argument? Easy: URL encoding.
In case you want to know more: Official LinkedIn Share Documentation

Getting S_412_PRECONDITION_FAILED=Invalid arguments error in Linkedin share api

When try to update status with link in linkedin api i'm getting this error frequently.
Example Link:
http://www.world-grain.com/articles/news_home/World_Grain_News/2016/06/General_Mills_files_patent_on.aspx?ID={30B4213B-4E10-4AF6-9B56-0D5614D7AFD3}&cck=1
If i remove the { and } from the link it get posted. Even in linkedin site itself its not working.
Help me if anyone know the reason.
I was receiving the same error and the reason was that I didn't send values for all the keys in request's body. For example: "content" parameter in linkedin's request body is a dictionary with 4 keys:
title
description
submitted-url
submitted-image-url
I had no image url so I didn't set the key "submitted-image-url" at all. The solution was to set the value to empty string "".
I wonder why linkedin can't parse dictionary if it doesn't have all the keys but that's the way it works.
Hope this helps
You may need to URL encode the braces in your link:
http://www.world-grain.com/articles/news_home/World_Grain_News/2016/06/General_Mills_files_patent_on.aspx?ID%3D%7B30B4213B-4E10-4AF6-9B56-0D5614D7AFD3%7D&cck=1
I ran into the same error when I attempted to pass a URL with spaces. It published successfully after URL encoding the spaces (%20).

URL filtering , issues with URL

I am working on a URL filtering project . I have a database given to me which contain URLs need to be blocked (eg: a.b.com/d/e).
I get uri and domain from http request. I compare what I get with my database and redirect users without any problem. So far so good.
Problems starts with urls that contains query string and other magics with URL. As an example if user enters a.b.com/d/e?junk. What I get won't match with my database, and users will bypass my filter and they will still be able to go a.b.com/d/e.
I tried some useless actions like slicing everything after special chars like "?,#". But having problems with url like : youtube.com/watch?v=12vh55_1ul8, which becames like youtube.com/watch and blocks all youtube. That solution causes me more problems.
Now I am very confused how to handle this problem. Is there any guide or any library which I can use in C++ ?
Try this code:
string str (get_requsted_uri());
string str2 ("http://getaroundfilters.com/article/889/proxy");
if (str.find(str2) != string::npos) {
block();
} else {
get_and_return_webpage(str);
}

Saving information from being compromised by url change

In some webpages or views, I have information displayed in table. Column values are rendered as links.
Problems:
When I hover over the link, it's URL is visible at the bottom of browser.
When I click on link, I show information for the resource requested in URL. (www.someurl.com/Employee/67 gives me information of employee with id = 67).
Now, this URL is displayed in browser. If you change URL to www.someurl.com/Employee/88, it shows information of employee with id = 88 though the logged in user is not supposed to see information for employee id 88
This are serious security breaches.
I am thinking of following as possible solutions:
URL masking at application level
Base64 encoding of URL to shorten and obfuscate it, so that users can't just throw values in the URL.
#Html.AntiForgeryToken() and ValidateAntiForgeryTokenValidation mechanism
Is there better and more secure approach other than above to solve this issue?
Check in Controller serving www.someurl.com/Employee/88 if currently authenticated user has access to Employee with ID 88 and throw exception if he does not - no need to mask url.
If the user is not supposed to be able to see the employee with the id of 88 then they should not be able to see the information for the employee with id 88. The URL is more or less irrelevant and is in your case only giving them an obvious clue as to how to gain unauthorised access to data in your system.
You need a proper security plan where data is only served from the database to the UI via the business layer if the logged in user if authorised to see that data.
Here is my idea about your first approach security breach:
Mix your id with some GUID or complex structure while sending it, and when you receive it, took out your id from this and then proceed. [ Your masking idea]

Collation urls not followed for Google Webmaster

I got lots of not followed page on Google Webmaster. I check them and is because lots of url are like http://www.mysite.net/2013/06/burn-notice-7%C3%9702-sub-espanol-online.html
whe the correct url have to be http://www.mysite.net/2013/06/burn-notice-7x02-sub-espanol-online.html
Im try to post a title wit many "x" on it and the only that weird %C3%97 when I post for example a new serie episode like this title: Burn Notice 7x02 Sub Español Online. When the x is between number appear %C3%97 and that made my posts duplicate.
So I try to fix changed the database collation from latin1_swedish_ci to utf8_general_ci but is still the same happend. I check as well my wp-config.php and is define('DB_CHARSET', 'utf8');
Please, some body know any good solution to fix all this situation? The database is quite big and supouse if I find a solution I need update the old url.
Thank you on advance
The URL you say Google is using:
http://www.mysite.net/2013/06/burn-notice-7%C3%9702-sub-espanol-online.html
is almost the same as the URL:
http://www.mysite.net/2013/06/burn-notice-7x02-sub-espanol-online.html
as the percent encoded characters actually repreesent Unicode Character 'MULTIPLICATION SIGN' aka it's an '×' not an 'x'. Google is just using the percent encoded version to be safe. That means that your database is probably fine, as it is showing URLs as valid UTF8.
The problem probably lies in how you're interpreting the requested URL and trying to match it to the database. PHP should already be decoding the percent encoded value to '×', so either:
Something is breaking the string (e.g. calling a non-multibyte safe function like strtolower() instead of mb_strtolower()).
Your PHP code is connecting to the database in a character set other than UTF8, please check that your my.cnf file contains 'default-character-set=utf8' in the client section.
or there's some other issue. The URL does appear valid though.

Resources