App immediately suspended after deploying to Heroku

[NightOwlKeyboards]

I have tried deploying twice now and after a successful deployment, the app is suspended by Heroku. Is this solution still working?

[keverardus]

I'm facing the same issue. Tried it several times and after successful deployment... suspended.

[nomlas-design]

This was happening to me too so I opened a ticket on Heroku and received this response:

Recently, we've prohibited the use of https://github.com/companionstudio/instagram-token-agent, as found here in your code /app/lib/instagram_token_agent. It has been prohibited from the Heroku platform in the AUP (https://www.heroku.com/policy/aup) with regards to:

22. Use the Service to access a third party web property for the purposes of web scraping, web crawling, web monitoring, or other similar activity through a web client that does not take commercially reasonable efforts to: identify itself via a unique User Agent string describing the purpose of the web client; and obey the robots exclusion standard (also known as the robots.txt standard), including the crawl-delay directive;

Regards, Salesforce Abuse

[Matra-Simca]

Same issue for me with new deploy. I haven't received an email notifying of suspension from the App I deployed earlier in the month so not sure if that'll refresh properly yet.

[tyssen]

One I created a couple of weeks ago is still there and working, but when trying to create a new one today, I got the suspension email.

[benjamin-hull]

Hmm - okay. I'll get in touch with the Heroku people and see what needs to happen. It seems like a misunderstanding of what the agent does. Thanks for the heads-up!

[benjamin-hull]

I've just run a test deployment, and my app has not immediately (within 10 minutes, anyway), been suspended. I'm going to include some info here regarding what the agent does so I can refer to it in communications with Heroku support staff.

As far as I can tell, Section 22 of the AUP doesn't really apply to Instagram Token Agent:

• I think it's debatable that communicating with a single, authenticated API endpoint dedicated for the purpose is similar to 'web scraping or crawling', but assuming that it is the case:

• Robots exclusion standard: The agent doesn't explicitly have any rules to follow the standard, but as it makes one request to a single endpoint per day (and there are plans to reduce this further), there's not really much practical need. It's unlikely that IG will say "Slow down, once every 24 hours is too much!"

• Identify itself as a bot: This is a fair call - currently the agent doesn't send a user-agent string at all. This is addressed in #14

Hopefully this will be enough to get the app un-suspended, but if we need to make further changes to be in compliance, we can at least get some more info.

[hclieu]

Hello,

 I tried to deploy the app today, and received this error before it finished:

Rails backports are deprecated. DEPRECATION WARNING: Setting ActiveRecord::Base.configurations with []= is deprecated. Use ActiveRecord::Base.configurations= directly to set the configurations instead. (called from <top (required)> at /app/app.rb:5) DEPRECATION WARNING: Setting ActiveRecord::Base.configurations with []= is deprecated. Use ActiveRecord::Base.configurations= directly to set the configurations instead. (called from at /app/app.rb:10) rake aborted! TypeError: can't convert nil into an exact number /app/vendor/bundle/ruby/2.6.0/gems/activesupport-6.0.3.1/lib/active_support/core_ext/time/calculations.rb:264:in +' /app/vendor/bundle/ruby/2.6.0/gems/activesupport-6.0.3.1/lib/active_support/core_ext/time/calculations.rb:264:inplus_with_duration' /app/lib/instagram_token_agent/client.rb:24:in refresh' lib/tasks/setup.rake:19:inblock in <top (required)>' /app/vendor/bundle/ruby/2.6.0/gems/rake-13.0.1/exe/rake:27:in <top (required)>' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/cli/exec.rb:74:inload' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/cli/exec.rb:74:in kernel_load' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/cli/exec.rb:28:inrun' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/cli.rb:465:in exec' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/vendor/thor/lib/thor/command.rb:27:inrun' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/vendor/thor/lib/thor/invocation.rb:126:in invoke_command' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/vendor/thor/lib/thor.rb:387:indispatch' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/cli.rb:27:in dispatch' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/vendor/thor/lib/thor/base.rb:466:instart' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/cli.rb:18:in start' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/exe/bundle:30:inblock in <top (required)>' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/lib/bundler/friendly_errors.rb:124:in with_friendly_errors' /app/vendor/bundle/ruby/2.6.0/gems/bundler-2.0.2/exe/bundle:22:in<top (required)>' /app/vendor/bundle/bin/bundle:104:in load' /app/vendor/bundle/bin/bundle:104:in

' Tasks: TOP => setup (See full trace by running task with --trace)

 Did something in the code change to cause this, or is this related to the suspension issue?

[gchaimovitz]

Thanks for all the hard work! I also received the same email from Heroku regarding suspension of the app today.

[s28400]

I too have gotten the immediate suspension after deploying today.

[jakejive]

Just an update, the app is still being suspended as of today.

[RobinOTYS]

Any update on this?

[wpchen]

I got this response from Heroku when asked for details on why the app was suspended:

I will provide you the same response we provided to the author of instagram-token-agent;

Populate the 'allowed domains' list by default. By default, the app will only serve requests referred from its own (herokuapp.com) domain. It will be up to the installer to provide a list of domains to serve. Check and disallow that list being '*' so the installer can't re-open to all domains. Provide an identifying User-Agent

These are the requirements that were outlined so that this app would then be re-considered as acceptable per the Heroku AUP.

[benjamin-hull]

Hi folks - I'm working through the changes required to get this re-approved with Heroku. Should have a more meaningful status update in the next few days.

[swoadmin]

Having still the same issue here. @benjamin-hull have you been able to resolve this? Would there be an alternative to Heroku?

[davidkessler-ch]

Hi folks - I'm working through the changes required to get this re-approved with Heroku. Should have a more meaningful status update in the next few days.

Same issue for me. Any updates? Thanks for your work!!

[Kent-Gerber]

I am experiencing the same issue as well. I received this response from Heroku support at 10am (Central time) today:

Recently, we've prohibited the use of https://github.com/companionstudio/instagram-token-agent. It has been prohibited from the Heroku platform in the AUP (https://www.heroku.com/policy/aup) with regards to:

    Use the Service to access a third party web property for the purposes of web scraping, web crawling, web monitoring, or other similar activity through a web client that does not take commercially reasonable efforts to:
    identify itself via a unique User Agent string describing the purpose of the web client;
    and obey the robots exclusion standard (also known as the robots.txt standard), including the crawl-delay directive;

Regards, Raman

Thank you for your work on this! Kent

[davidkessler-ch]

any updates? or alternatives? @benjamin-hull

[benjamin-hull]

Hi everyone! As of today, the agent is back in review with Heroku, so they should be back to me soon with a result. I'll keep this issue updated with progress there.

It's not clear yet what happens to the apps that are already deployed and suspended - I assume they'll need to be re-deployed with the updated code, but as a complication, Heroku don't provide a 'button-like' method to re-deploy or update an existing app. I'll need to work out a good process and write up some docs for that. If you're comfortable with Git, you should find it easy enough to just pull the latest version and push it to your Heroku remote.

Thanks for your patience everyone - turns out a lot more people are using this thing than I anticipated! I'll be back with updates as soon as I have them!

[benjamin-hull]

Great news! Heroku have approved the changes to the agent, so new deployments will work as expected.

For existing applications, you'll need to update your application to version 1.0.1 (or later in future). Follow the instructions in the wiki to update to the latest version.

There are a couple of methods for doing this currently, though I'm thinking about how this process can be improved in future.

If you haven't already, you'll need to make sure your ALLOWED_DOMAINS setting is set up on Heroku. Previously, the app would allow any referring website to collect a token, but in this latest version, you'll need to specify which domains are allowed in advance.

So, if you want to show your instagram feed at https://www.mysweetwebsite.com/blog, you'll need to set ALLOWED_DOMAINS to www.mysweetwebsite.com. You can include multiple domains with spaces in between.

Please let me know if you have any trouble or questions with the process - I've tested this a few ways myself, but there are a lot of variables out there, so there might well be bugs left to find.

Thanks!

[Kent-Gerber]

Ben,

Thanks for your continued work on this!

I will try and follow the steps you posted.

In the meantime, I got a response from support saying this about instagram_token_agent by their Security team.

I just got a response from Heroku support about my request to unsuspend the account.

[image: heroku]

You can view your ticket and add additional comments at https://help.heroku.com/tickets/902831 https://help.heroku.com/tickets/902831#event_32a0b90d-236c-44b0-a942-a44816f5e6ab

Hi Kent,

I still see instagram_token_agent is prohibited by our Security team. Hence I'll not be able to unsuspend your account.

Regards, Raman

On Fri, Jul 31, 2020 at 8:46 PM Ben notifications@github.com wrote:

Great news! Heroku have approved the changes to the agent, so new deployments will work as expected.

For existing applications, you'll need to update your application to version 1.0.1 (or later in future). Follow the instructions in the wiki to update to the latest version https://github.com/companionstudio/instagram-token-agent/wiki/Updating-your-token-agent-on-Heroku .

There are a couple of methods for doing this currently, though I'm thinking about how this process can be improved in future.

If you haven't already, you'll need to make sure your ALLOWED_DOMAINS setting is set up on Heroku. Previously, the app would allow any referring website to collect a token, but in this latest version, you'll need to specify which domains are allowed in advance.

So, if you want to show your instagram feed at https://www.mysweetwebsite.com/blog https://www.mysweetwebsite.com/blog, you'll need to set ALLOWED_DOMAINS to www.mysweetwebsite.com. You can include multiple domains with spaces in between.

Please let me know if you have any trouble or questions with the process - I've tested this a few ways myself, but there are a lot of variables out there, so there might well be bugs left to find.

Thanks!

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/companionstudio/instagram-token-agent/issues/13#issuecomment-667449238, or unsubscribe https://github.com/notifications/unsubscribe-auth/AB457RPDSIFOKRJG25TWTV3R6NXWHANCNFSM4OKLKJWA .

--

Kent Gerber, MLIS | Digital Initiatives Manager | kent-gerber@bethel.edu | 651-638-6937 Bethel University Digital Library - https://www.bethel.edu/library/digital-library Bethel Makerspace - https://www.bethel.edu/library/makerspace ORCID - https://orcid.org/0000-0001-6781-0348

[benjamin-hull]

Hi @Kent-Gerber - Looks like the info hasn't gotten to everyone at Heroku, at a guess. My ticket reference with Heroku is 894135 - you won't be able to see it, but it might help to quote this number to them in your response. Let me know how you get on.

[Kent-Gerber]

I've followed the instructions to update my version on the wiki but am stuck between step 2 and 3 on the Command Line update. I was able to successfully set the git remote with heroku git:remote -a bethel-library-instagram-token but the git push heroku command did not work and directed me to create an upstream branch with git push --set-upstream heroku master

I used that command and got this response:

error: src refspec master does not match any
error: failed to push some refs to 'https://git.heroku.com/bethel-library-instagram-token.git'

I am new to Git and Heroku so any help with this would be appreciated.

[csinghaus-sfdc]

@benjamin-hull As an update, we've removed the rule preventing your app from being deployed. Sorry for the delay. Thanks for all the work you've done!

[gchaimovitz]

@benjamin-hull you're a genius! Works beautifully, received an email from Heroku after sending them a screenshot of your post and they unsuspended my app. This allowed me to push the update and voila, IG photos are once again showing up on our website.

"Sorry for the delay. We've updated our internal scanning mechanism. instagram-token-agent should now no longer get tagged and suspended. I've unsuspended your app"

[benjamin-hull]

Thanks for the update @csinghaus-sfdc - much appreciated!

@Kent-Gerber - would you mind trying again now, just to eliminate the Heroku suspension as the cause of the problem?

[benjamin-hull]

Looks like this is complete and any residual issues settled down. Closing.