-
-
Notifications
You must be signed in to change notification settings - Fork 420
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(insecure_transport) OAuth 2 MUST utilize https. #287
Comments
I've removed everything from the function which could lead to the problem and squeezed all in one, I even hardcoded the URL like this:
The issue is not cause by localtunnel because it happens also in my dev server. |
I arrived at the conclusion that this:
Causes chrome to say that |
My guess is that the form uses a http URL to submit the form. Want to check? |
Hi @Lukasa thanks for helping. How do I check that? |
The page is indeed "not fully protected" but it's because of the |
The problem still seems to be that the page is giving you a bad form. Look in the page source for a |
But the problem is that is not even a webpage. It has no html. It's just a
django view which receives the code exchange it for a tokes saves it and
then redirects the user to an actual page.
…On Aug 31, 2017 16:53, "Cory Benfield" ***@***.***> wrote:
The problem still seems to be that the page is giving you a bad form. Look
in the page source for a <form> tag that uses a HTTP (non-S) URL.
—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHub
<#287 (comment)>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AQu8KyI0YG7MPu3a9poS3zxkqOWg-PoDks5sdw86gaJpZM4PJIxR>
.
|
This might be because of "authorization_code = request.build_absolute_uri()". Have you tried printing it. It should contain "https" not "http". If it is not generating https the replace the string. Worked for me |
cred_state = caches['default'].get('xero_creds') |
It replaces "http:" with "https:" |
Replacing http with https definitely works for me ... thanks @arun542 for the answer !! |
This should help import os
os.environ['OAUTHLIB_INSECURE_TRANSPORT'] = '1' |
With the following solution, I could pass the error: https_authorization_url = request.url.replace('http:https://', 'https://') |
it works! thanks! |
My site is fully SSL secured. Yet when I try to exchange the code I get this:
(insecure_transport) OAuth 2 MUST utilize https.
.Chrome shows me the following message:
The page includes a form with a non-secure "action" attribute.
Yet I can't really figure out what the problem is. I double checked and the only requests I made are to the Google Apis which are fully secured.
My function looks like this:
What can be the problem?
The text was updated successfully, but these errors were encountered: