I am developing a firefox web extension (Add On) which communicates with my Native Mac Application through "Socket Connection". I got stuck with the requirement to authorise the Client (Socket client from firefox add on) as I am unable to find out a unique identifier for my unpacked firefox add on.
I am trying to map the unique Id in the application side so that I can check whether the add on with same Id is trying to connect to the Socket server which would be restricted in case of unauthorised Identifier.
The identifier that comes along with Origin header in the connection request is Internal UUID of the add on which changes on each installation as per Firefox documentation.
I welcome an answer that could guide me to choose a perfect unique identifier or different approach that could validate the add on.
To have it work in this scenario, you will need to add in the applications key in manifest.json
Once you have finished developing the extension, you can package it and submit it to AMO for review and signing. If the packaged extension you upload does not contain an ID, AMO will generate one for you. It's only at this point that the add-on will be assigned a permanent ID, which will be embedded in the signed packaged extension.
Check out MDN webdocs for the full information on that though. They have full guides on how to use AMO as well.
Related
I try upload new version of my app and I do it directly from XCode. After succesfull upload I do not see new build online on AppStore connect, but XCode says that upload is done.
As You see, 1.0.52 is created by Xcode but empty. 1.0.38 is my old build when all was ok. Any idea how to fix it? I can manually create iOS build on AppStore Connect and add package from my computer?
AppStore Connect didn't return any error, but now I found email on my developers email account. I missed one value at info.plist, similar problem like there: NSAppleMusicUsageDescription - Missing Info.plist key
But about it I didn't have any information on AppStore Connect, only on email.
Part of email:
Dear Developer,
We identified one or more issues with a recent delivery for your app, "**** ***" (***** ***). Please correct the following issues, then upload again.
ITMS-90683: Missing Purpose String in Info.plist - Your app's code references one or more APIs that access sensitive user data. The app's Info.plist file should contain a NSAppleMusicUsageDescription key with a user-facing purpose string explaining clearly and completely why your app needs the data. Starting Spring 2019, all apps submitted to the App Store that access user data are required to include a purpose string. If you're using external libraries or SDKs, they may reference APIs that require a purpose string. While your app might not use these APIs, a purpose string is still required. You can contact the developer of the library or SDK and request they release a version of their code that doesn't contain the APIs. Learn more (https://developer.apple.com/documentation/uikit/core_app/protecting_the_user_s_privacy).
How can I verify the signature of a message following the CMS structure (https://www.rfc-editor.org/rfc/rfc5652) by using the Firefox Add-On SDK?
I already could find some classes (e.g. http://doxygen.db48x.net/mozilla/html/interfacensICMSMessage.html), but I'm unsure if I can use them in an Add-On as there is not very much documentation.
If this is not possible, is there at least a way to check if the given certificate of the message is trusted by the list of CAs built into Firefox? (I'll try to use the webcrypto API to verify the signature in this case)
I set up Google Play Games Services through the Google Play Developer Console by following the instructions here.
I went through the troulbeshooting guide here.
If i run my app through eclipse, it can connect fine to Play Games. However now the update is released and if I download it from the Play Store it cannot connect.
I verified that my SHA1 from the android export matches what is in the developer console. I even tried linking a new app with the SHA1 and it says: "This client ID is globally unique and is already in use."
I am now panicking because my game is live and can't connect. Help!
EDIT:
I added my client ID through the Google Play Developer Console, not the Google Developer Console. I removed the Client ID that was in the Google Developer Console.
Edit:
I cannot add a new client in GDC, i get an error about "duplicate fingerprint":
Have you tried deleting the console project related with your play service game installed application ?
Before altering / adding new API clients, make sure that you have checked the following:
IS your play games project published?
Or, are the accounts you are using for testing included on the testers list?
Are you signing your app correctly? If you are using your debug keystore in a released game, the app will not correctly be able to authenticate.
At any rate, deleting clients could fix working apps if you have already published and I'd hate to give you advice that breaks stuff. That said, if you're sure you need to create / recreate your client, move on.
The reason you are encountering the "This client ID is globally unique and is already in use." issue is that there exists a client with the same package name and SHA-1 hash in any Google Developer console project (not necessarily a Google Play Games project, not necessarily the current project, and not necessarily a project for your account if you are working on teams). This is because the combination of package name and SHA-1 hash must be unique for authentication.
At any rate, it's possible that the project still has a client (for Android) created that needs to be removed. This means that you must either remove the "bad" client from the developer console, re-sign your app with a new keystore, or use a different package name.
Option 1 - Removing clients
Although this is the most destructive option, it may be a good approach if you already removed clients from the Play Games Developer console and don't want to change your configuration.
Access your project from https://console.developers.google.com because this will give you a superset of the clients created from the play games console and will have an according project. Select the APIs & Auth -> Credentials section. From here, remove any Android clients you intend to replace.
Return to https://play.google.com/apps/publish and select your games project. You should now be able to add another client.
Option 2 - Create a new keystore
This is best covered in the Android documentation. After changing your keystore, you will be able to add another client using the new keystore signature.
Option 3 - Change the package name
You must update com.yourname.app with something other than com.yourname.app. This means renaming folders in your Android project, changing includes and package namespaces, and updating your project's AndroidManifest.xml.
After changing any of these, you should be able to create a working Google API project and get your app ready.
Have you only one account?
"This client ID is globally unique and is already in use."
Maybe someone is using your sha1... or you with another account
Do I really have to put a company identifier into my app? (Like com.example)
When my app arrives to the app store will it be a link for a website?
I don't have a website, so do I have to create one?
Is there any way to not put the company identifier?
No, I think this is not like as you thinking about it.
A bundle ID precisely identifies a single app. A bundle ID is used during the development process to provision devices and by the operating system when the app is distributed to customers.So there is no need to add name of the company or etc.
The bundle ID string must be a uniform type identifier (UTI) that contains only alphanumeric characters (A-Z,a-z,0-9), hyphen (-), and period (.). The string should be in reverse-DNS format. For example, if your company’s domain is Ajax.com and you create an app named Hello, you could assign the string com.Ajax.Hello as your app’s bundle ID. For More you can review this document about by AppDistributionGuide Apple
And As when we submit the app it requires some links of website as i put Apple.com as i di't have website.
As the Support URL is for that provide support for the App that you submitting on App store and another one is for providing the information that you submitting on App Store.
You should setup at least a basic web site for your customers, for support and so you can show a little more about your app than what the App Store allows. You can setup cheap (but decent) hosting at Squarespace.com or something similar.
I definitely wouldn't put Apple.com as your support URL. I've actually seen apps rejected because the web site they linked to for support wasn't available when they reviewed the app. That was a few years ago, not sure if they're still strict on that.
The idea for the bundle id is to ensure you pick something unique that won't conflict with others. If you use com.example.myapp, but don't actually have the example.com domain, it's possible you'll conflict with someone who does have example.com.
I have been running the facebook c# sdk successfully for a good year or more, and it stopped working early december. This was due to the API changes at Facebook, and an informative error told me that i needed to use some new parameters in my calls (specifically oAuth: true )
I read up on the changes, and updated the sdk via nuget, which is now running on version 5.4.1.0 of Facebook.JavascriptMvcWebsite and FacebookWebMvc and the other required libraries that make up the facebook c# sdk.
Now, when clicking the facebook login button i get a different error...
Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/login.php?api_key=251066398241630&skip_api_login=1&display=popup&cancel_url=https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%26error_reason%3Duser_denied%26error%3Daccess_denied%26error_description%3DThe%2Buser%2Bdenied%2Byour%2Brequest.%23cb%3Df3570617%26origin%3Dhttp%253A%252F%252Fgem.local%252Ffbb4f09e%26relation%3Dopener%26transport%3Dpostmessage%26frame%3Df1c822218c&fbconnect=1&next=https%3A%2F%2Fwww.facebook.com%2Fdialog%2Fpermissions.request%3F_path%3Dpermissions.request%26app_id%3D251066398241630%26redirect_uri%3Dhttps%253A%252F%252Fs-static.ak.fbcdn.net%252Fconnect%252Fxd_proxy.php%253Fversion%253D3%2523cb%253Df3570617%2526origin%253Dhttp%25253A%25252F%25252Fgem.local%25252Ffbb4f09e%2526relation%253Dopener%2526transport%253Dpostmessage%2526frame%253Df1c822218c%26sdk%3Djoey%26display%3Dpopup%26response_type%3Dtoken%252Csigned_request%26fbconnect%3D1%26from_login%3D1&rcount=1 from frame with URL http://gem.local/Account/LogOn. Domains, protocols and ports must match.
The console window in Chrome then racks up about 5 of these errors a second, all coming from the facebook login dialog.
I have tried modifying the fbChannel.ashx file to explicity use http:// instead of just // (which respects the current protocol) and also have done the same in FacebookInit.cshtml, but none of this is making any difference.
I also modified my facebook app settings to allow deprecated code...
What am i missing here? I understand why the browser is having a fit over cross domain access, but what is causing this? Have facebook completely switched to https? can i still use facebook logins over http?
I have a test site up where you can see the error in action
Any help appreciated.
Clear the App Domain Field (leave it blank) in Facebook Application --> Basic Info