-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instagram embed not working on live server #7
Comments
Hi and thanks for this report! Well, that's weird. We're reverse-engineering Instagram here so there's no good solution. You're trying to embed the same posts right? Because embeds won't work with private posts as requests are unauthenticated. Another possible reason would be that your server's IP is recognized by Instagram as some kind of automated IP, or an IP with lots of requests to Instagram, so they are blocking them or presenting them a captcha challenge (that the plugin is unable to solve, naturally). If you have CLI access to your webserver, can you post somewhere (i.e. in a gist) the output of these two commands, executed from your live server? $ curl -v URL_TO_THE_INSTAGRAM_POST
$ curl -vH "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0" URL_TO_THE_INSTAGRAM_POST (Warning, the output will probably be quite long!) |
Hi Amaury, I am trying to embed the exact same posts, yes. I also tried using the website with embeddings after logging out from Instagram and clearing cookies, but they still worked. So that is not the issue. These are the outputs: Regular curljelinstr@eu12 [~]# curl -v https://www.instagram.com/p/CEMH7uZHSo6/ * About to connect() to www.instagram.com port 443 (#0) * Trying 157.240.20.174... * Connected to www.instagram.com (157.240.20.174) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=*.www.instagram.com,O="Facebook, Inc.",L=Menlo Park,ST=California,C=US * start date: Aug 18 00:00:00 2020 GMT * expire date: Nov 16 12:00:00 2020 GMT * common name: *.www.instagram.com * issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US > GET /p/CEMH7uZHSo6/ HTTP/1.1 > User-Agent: curl/7.29.0 > Host: www.instagram.com > Accept: */* > < HTTP/1.1 302 Found < Content-Type: text/html; charset=utf-8 < Location: https://www.instagram.com/accounts/login/?next=/p/CEMH7uZHSo6/ < Vary: Accept-Language, Cookie < Content-Language: en < Date: Thu, 01 Oct 2020 18:09:06 GMT < Strict-Transport-Security: max-age=31536000 < Cache-Control: private, no-cache, no-store, must-revalidate < Pragma: no-cache < Expires: Sat, 01 Jan 2000 00:00:00 GMT < X-Frame-Options: SAMEORIGIN < content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests < X-Content-Type-Options: nosniff < X-XSS-Protection: 0 < x-ig-push-state: c2 < x-aed: 20 < Access-Control-Expose-Headers: X-IG-Set-WWW-Claim < X-FB-TRIP-ID: 1679558926 < Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 < Connection: keep-alive < Content-Length: 0 < * Connection #0 to host www.instagram.com left intact User-agent curljelinstr@eu12 [~]# curl -vH "User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0" https://www.instagram.com/p/CEMH7uZHSo6/ * About to connect() to www.instagram.com port 443 (#0) * Trying 157.240.20.174... * Connected to www.instagram.com (157.240.20.174) port 443 (#0) * Initializing NSS with certpath: sql:/etc/pki/nssdb * CAfile: /etc/pki/tls/certs/ca-bundle.crt CApath: none * SSL connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 * Server certificate: * subject: CN=*.www.instagram.com,O="Facebook, Inc.",L=Menlo Park,ST=California,C=US * start date: Aug 18 00:00:00 2020 GMT * expire date: Nov 16 12:00:00 2020 GMT * common name: *.www.instagram.com * issuer: CN=DigiCert SHA2 High Assurance Server CA,OU=www.digicert.com,O=DigiCert Inc,C=US > GET /p/CEMH7uZHSo6/ HTTP/1.1 > Host: www.instagram.com > Accept: */* > User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:81.0) Gecko/20100101 Firefox/81.0 > < HTTP/1.1 302 Found < Content-Type: text/html; charset=utf-8 < Location: https://www.instagram.com/accounts/login/?next=/p/CEMH7uZHSo6/ < Vary: Accept-Language, Cookie < Content-Language: en < Date: Thu, 01 Oct 2020 18:10:51 GMT < Strict-Transport-Security: max-age=31536000 < Cache-Control: private, no-cache, no-store, must-revalidate < Pragma: no-cache < Expires: Sat, 01 Jan 2000 00:00:00 GMT < X-Frame-Options: SAMEORIGIN < content-security-policy: report-uri https://www.instagram.com/security/csp_report/; default-src 'self' https://www.instagram.com; img-src https: data: blob:; font-src data: https://*.fbcdn.net https://*.instagram.com https://*.cdninstagram.com; media-src 'self' blob: https://www.instagram.com https://*.cdninstagram.com https://*.fbcdn.net; manifest-src 'self' https://www.instagram.com; script-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://*.cdninstagram.com wss://www.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' https://*.www.instagram.com https://www.instagram.com 'unsafe-inline'; connect-src 'self' https://instagram.com https://www.instagram.com https://*.www.instagram.com https://graph.instagram.com https://*.graph.instagram.com https://*.cdninstagram.com https://api.instagram.com https://i.instagram.com wss://www.instagram.com wss://edge-chat.instagram.com https://*.facebook.com https://*.fbcdn.net https://*.facebook.net chrome-extension://boadgeojelhgndaghljhdicfkmllpafd blob:; worker-src 'self' blob: https://www.instagram.com; frame-src 'self' https://instagram.com https://www.instagram.com https://staticxx.facebook.com https://www.facebook.com https://web.facebook.com https://connect.facebook.net https://m.facebook.com; object-src 'none'; upgrade-insecure-requests < X-Content-Type-Options: nosniff < X-XSS-Protection: 0 < x-ig-push-state: c2 < x-aed: 20 < Access-Control-Expose-Headers: X-IG-Set-WWW-Claim < X-FB-TRIP-ID: 1679558926 < Alt-Svc: h3-29=":443"; ma=3600,h3-27=":443"; ma=3600 < Connection: keep-alive < Content-Length: 0 < * Connection #0 to host www.instagram.com left intact These outputs definitely differ from what I get when I run curl locally. Locally I get all the HTML etc. |
Hum, I replied via email but the answer's not there… anyway. Okay, thanks for this data! These outputs reveal the problem: Instagram redirects the requests to an authentication page, even if the post is not private. I can reproduce this, accessing the post in my browser or using curl on my locale machine, but being redirected if requesting from a server I own (with an IP from a hosting provider, in my case Scaleway). Instagram may block or check requests incoming from known hosting providers… I'll try to investigate but for now I don't know how to circumvent this Instagram behaviour. |
Okay, glad to know it's not just me! |
Just wanted to bump this issue up. Looks like I'm experiencing the same issue with Instagram embeds. My response using CURL on my shared hosting provider returned similar results to @Bargsteen. The error on my page when viewing on the live server looks like the following. Please let me know if you end up finding a fix or way to circumvent this. Maybe a way to proxy the request using our local machines? Sure, it may break and need updating, but maybe an interim solution? |
For the moment, I don't have any proper solution, but I'll try to investigate more. I'm short on time to be honest, so it's kinda difficult to work on everything—I apologise for the delays. If anyone want to try things on this and report their findings, feel free! It would be considered. |
Hi,
I am experiencing some problems with the embedded Instagram posts.
They work locally when running a server using ddev, but not when put on my live server.
The error occurs here because the JSON returned from Instagram on the live server does not contain the correct info:
grav-plugin-static-social-embeds/shortcodes/InstagramShortcode.php
Line 80 in 212ba4c
This is the JSON received on the live server. It seems like it is not logged in correctly.
Any clue as to why this problem occurs and how I could fix it?
Please let me know if you need more information. I am not experienced in PHP at all, so there might be something obvious that I've not included.
And thanks for creating this plugin. It is exactly what I need ;)
The text was updated successfully, but these errors were encountered: