I've added a CNAME record to my domain, to redirect people to the heroku app that hosts a website.
Somehow, my website is responsive and mobile friendly when I go directly to the heroku page (auspermaculture.herokuapp.com) BUT not responsive and mobile friendly at all when I go trough the domain name www.auspermaculture.com (that redirects to the heroku app using a CNAME record)
I can only see the differences when I actually open up the websites on my phone (iphone 5). In my web browser, the website is responsive not matter what adress I browse to. So if you want to see what I'm talking about, you might have to use your phone.
Any idea what would cause the differences? And is there a way to solve it?
UPDATE
It's not a caching issue.
After deleting all browser data on my phone, I still get these differences.
Here's 2 screenshots to clarify:
Turns out that Godaddy wrapped the whole website in a <frameset> because I forwarded the adress with masking. Forwarding it without masking turns out to be the solution.
Related
Here is the screenshot of this.
Few monts ago I deployed my this laravel app in cpanel. But Now when I'm accessing the site it shows me this message... I think it is hacked or malwared added in the app.
Can anyone tells
what are security steps? should I have to follow for deploying the project in cpanel securely...?
How can I protect my app from attackers in cpanel?
What I missed on basic think in my app was APP_DEBUG was false I have to set this to true.
Except this is App_Debug:
Is there any security should I follow...
Or should I have to move shared hosting to dedicating hosting..?
This has nothing to do with your hosting or your APP_DEBUG setting. In fact never set APP_DEBUG to true on a live website this can leak all your environment variables including database credentials to the world
Here's an explanation from the google site:
Social engineering is content that tricks visitors into doing something dangerous, such as revealing confidential information or downloading software. If Google detects that your website contains social engineering content, the Chrome browser may display a "Deceptive site ahead" warning when visitors view your site. You can check if any pages on your site are suspected of containing social engineering attacks by visiting the Security Issues report.
In your case it may be because either (as you said) the website was hacked and this content injected in it or (less likely) there is content you added to the site that Google is interpreting as misleading (either because it is or because it looks like it is even though it is not).
The remedy here is explained by the above linked site (wont include the entire text just a gist but do check the entire Google site):
Check in with Search Console
Remove deceptive content
Check the third-party resources included in your site
Request a review
If your page has been hacked then you should probably just delete everything, change your passwords (all of them) reset the app key and re-deploy it. Also contact your shared hosting provider to tell them what happened in case they need to be aware of any vulnerabilities or credential leaks.
I purchased a domain with Google and I would like to associate it with a Heroku app. What is the step-by-step process to achieve that?
I recently connected my app to a custom domain. Although my domain is purchased from AWS route53. I think the approach generally is the same.
First of all, you can check out this page written by Heroku. https://devcenter.heroku.com/articles/custom-domains
I believe the tutorial given by Heroku works. However, I am tired of all those CLI that make things unvisable XD. Luckily, we can configure it from the Heroku website instead of the CLI.
Here is my approach:
First open your app in the Heroku web page, then click the "Settings" button
https://dashboard.heroku.com/apps/{your app name}
Scroll down until you see the "Domains" section, Then click "Add domain"
https://dashboard.heroku.com/apps/{your app name}/settings
Input the domain name you purchased from google (eg. www.example.com)
After adding your domain, Heroku will give you the DNS target.
From your google domain DNS management page, you should be able to add a new record for your hosted zone.
Finally, add a new record with simple routing policy, type CNAME, and value equals to the DNS target provided by Heroku.
It is really simple if you follow these steps correctly. Due to my reputation level, I cannot upload photos. Feel free to contact me if you want some image to guide you how to locate the buttons :)
It’s only 3 steps:
1. Heroku, in your app > Settings > Add your domain:
Add www.[foo.com] (Note: www is KEY!) to your app
Copy the [DNS Target] it gives you
2.Google Domains > DNS > Resource records > Custom Records > Manage Custom Records:
www, CNAME, [DNS Target]
Now you’re basically set up. If someone goes to https://www.[foo.com] in a few minutes, they’ll see your Heroku app hosted at [DNS Target]. But if they go to any other permutation (http, non-www) they’ll get a 404 error. To solve this, we’ll set up permanent redirects to the main version in the next step.
Google Domains > Website > Add a Forwarding Address:
From Field: [foo.com]
To Field: https://www.[foo.com]
Permanent Redirect (301)
Forward Path (so that [foo.com]/about forwards to https://www.[foo.com]/about)
SSL Enabled
Boom. Wait a couple of minutes for DNS to catch up, and you’re done.
heroku certs:auto:refresh
In Terminal refresh the SSL cert settings on Heroku, and check the Heroku Dashboard to confirm everything’s working.
Confirm all the below permutations forward to your site correctly:
https:
https://www.[foo.com]
https://[foo.com]
http:
http://www.[foo.com]
http://[foo.com]
paths:
https://www.[foo.com]/about
http://[foo.com]/about
PS: So does this work for the naked domain like [foo.com] instead of www.[foo.com]? No! Google Domains does not support ALIAS domains, and therefore in combination with Heroku does not support forwarding to the naked (aka. root aka. apex) domain. Sorry! This surprised me too :( Source 1: Heroku Docs | Source 2: StackOverflow. Your only alternative here is to transfer your domain (which costs money) to something like Cloudflare.
A working answer with these explanations is taken from https://nikodunk.com/heroku-ssl-google-domains-2019/
Just to add to Fergus's answer, if you are seeing the warning "cant add cname records as root domain" add www to the host name input.
I have a heroku app hosted at https://rosalinep.herokuapp.com/ that I'm trying to move to the address www.rosalinep.com. (I'm not picky about redirections from rosalinep.com or https vs http, I just want to have this website launched without 'herokuapp' in the url right now.) I used Google Domains to get the domain rosalinep.com, and used the following configurations:
On Google Domains:
synthetic records image
custom resource records image
On Heroku:
domains image
Last night when I first tried to launch this, it worked, but this morning I'm seeing the following error page (which is a total bummer...):
broken website image
Running 'heroku domains' confirms www.rosalinep.com is in the app's custom domains.
I did some searching to try and fix this problem, and it looks like some people in similar situations have reported success in using CNAME like I used, but Heroku's documentation seems to say that an ALIAS or ANAME is necessary for root domain configuration, and those options are apparently not supported by Google Domains.
Because of how Heroku works, they do not release the IP addresses of the apps you create on it, so I can't directly feed it an IP address.
I've gotten pretty stuck and confused in trying to resolve this. Any info on whether I can get this working with Google Domains would be greatly appreciated. Also, if it can be helped, I'd like to not pay for any additional services.
If Google Domains is a non-starter for this though, well, I'm open to other Domain registration websites.
Fixed it! :) After all that, it was just four characters that caused all this headache...
The issue was that in the Google Domains custom resource records section, in the Data field I had 'www.(dns_data_here).com.' when it should have '(dns_data_here).com.'
The site is now up and running on the new url!
Example
Let's say we have a domain www.example.com.
This domain points to Heroku and we have functional website.
example.herokuapp.com
www.example.com
When we load the website
www.example.com
our website works and succesfully loading App on Heroku. Let's say it is running a Django framework (Python Environment)
There is another website that has different IP and is built in Ruby Rails for example and is running on different host provider.
If we load the website www.example.com, we are on the homepage, we can easily browse different pages like about, photos, videos etc.
Is there a possibility if I type
www.example.com/store/
that it would load that ruby rails website?
Let's remove possibilty moving the app from different provider to heroku or any other provider that www.example.com is on (or precisly were example.com points to in DNS).
Is it possible to map it somehow or point it in DNS to make it work like that?
Short answer: no.
Longer answer, you could use a 301 redirect from /store/ to the other site, or a subdomain, like store.example.com. For more information, read up on DNS A records, as you suspected! Good luck!
I sat up facebook connect extension on my magento store, which allows customer to login to the store with their facebook account. After filling api key, api secret in magento and config site url in facebook apps, the extension worked perfectly. However, if I switch to another store (with another domain), it won't work anymore. Is there a way to have magento connect to facebook without matching site url?
Here is the extension I got from: http://inchoo.net/ecommerce/magento/facebook-connect-magento-extension/
I'm not fully aware of how that Magento app works internally, however what I would say is that Facebook strictly speaking, does not allow apps to work across multiple different URLs. You can add multiple subdomains, however.
There is also some unsupported functionality allowing you to run apps across different domains details in this question, though it's worth remembering, this is unsupported.
The Facebook docs have some more info on "App Domains", and how they should be configured.