This question has been flagged
3 Replies
4502 Views
communityoauthfacebookv11
Avatar
Kevin Sawyer

I have a v11 CE site running at https://mydomain.com with a valid SSL certificate from LE.  When I click the link to "Log in with Facebook" I get the dreaded "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://" error.  But then I noticed that the URL generated by Odoo for this link does not have https, only http.  The web.base.url parameter for the site is https, but I had to freeze it by creating the web.base.url.freeze parameter with value set to True.  This is the link that Odoo is generating:

https://www.facebook.com/dialog/oauth?redirect_uri=http%3A%2F%2Fmydomain.com%2Fauth_oauth%2Fsignin&scope=public_profile%2Cemail&response_type=token&client_id=705266863150553&state={%22r%22%3A+%22http%253A%252F%252Fmydomain.com%252Fweb%22%2C+%22p%22%3A+2%2C+%22d%22%3A+%22db_demo%22}

If I replace the two instances of http with https, the Facebook login works..

Why isn't Odoo generating this link with what is found in the web.base.url parameter?  What's the best way to fix this?

Avatar
Discard
Avatar
Yenthe Van Ginneken (Mainframe Monkey)
Best Answer

Hi Kevin,

I saw a very similar issue report on Github today (https://github.com/odoo/odoo/issues/29256 ) which I assume comes from you.
I've pinged the responsible people on the issue to have a look. If they have time they'll look at it and give you feedback. It does indeed look wrong right now.

Regards,
Yenthe

Avatar
Discard
Avatar
Shen
Best Answer

Still not resolved? 

I encountered the same problem in v16 and didn't know how to solve it.

Avatar
Discard
Avatar
Kevin Sawyer
Author Best Answer

Hi Yenthe,

The Github post is not mine, but I'm glad someone posted there and I look forward to resolution of this issue.

Thanks,

--Kevin

Avatar
Discard