Why would Facebook oauth try to access the http version of an https site?


When I try to use Facebook login on this site:

https://parlay.io

by clicking the button at the top of the page, I get a popup with the URL:

https://www.facebook.com/login.php?skip_api_login=1&api_key=501604519940587&signed_next=1&next=https://www.facebook.com/v2.2/dialog/oauth?redirect_uri=https%3A%2F%2Fparlay.io%2F_oauth%2Ffacebook%3Fclose&display=popup&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiJxd01acHRSb3hGX0hDM1FEV25vSVVSVXlDZTZWcWVFNUhrUHZVcHA5ZWhUIiwiaXNDb3Jkb3ZhIjpmYWxzZX0%3D&scope=email%2Cuser_friends&client_id=501604519940587&ret=login&cancel_url=https://parlay.io/_oauth/facebook?close&error=access_denied&error_code=200&error_description=Permissions+error&error_reason=user_denied&state=eyJsb2dpblN0eWxlIjoicG9wdXAiLCJjcmVkZW50aWFsVG9rZW4iOiJxd01acHRSb3hGX0hDM1FEV25vSVVSVXlDZTZWcWVFNUhrUHZVcHA5ZWhUIiwiaXNDb3Jkb3ZhIjpmYWxzZX0%3D#=&display=popup

I enter in my Facebook creds and submit. In Safari, this works and login completes. In Chrome, the popup goes blank but stays open. The popup URL is

https://parlay.io/_oauth/facebook?close&code=...

The popup console says:

Uncaught SecurityError: Blocked a frame with origin "https://parlay.io" from accessing a frame with origin "http://parlay.io". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.

The error occurs on line 23:

[screenshot]

I don't know why this popup is trying to access http://parlay.io. I do not have http or http://parlay.io as a setting anywhere in my app.

This is using the 'popup' style oauth. When I switch to 'redirect' style in Chrome, the first time I login, I get this error on the server:

{"line":"398","file":"oauth_server.js","message":"Error in OAuth Server: redirectUrl (http://parlay.io/) is not on the same host as the app (https://parlay.io/)","time":{"$date":1435164688847},"level":"warn"}[parlay.io]

and I get redirected to the same sign-in page. The second time I click login, it works. The second click can be automated with:

[screenshot]

On BEST ANSWER

I had the exact same problem, under similar conditions (Meteor 1.3.x, ROOT_URL set to https, FB/Twitter apps set to https.)

What fixed the problem for me was to set up my site to always redirect HTTP requests to HTTPS. I am using Cloudflare, so I followed the instructions here:

https://support.cloudflare.com/hc/en-us/articles/200170536-How-do-I-redirect-all-visitors-to-HTTPS-SSL-

After making the change, sign-in worked like a charm across different machines. Final results here:

https://goodbyegunstocks.com