A few days ago, Facebook began showing error messages when accessing applications from https, being available for developers, in the application configuration, two new fields, to indicate secure urls (over https).
To avoid this, we must clearly add https support to our application, something that, although simple, will give us more than a headache. This is because we will encounter the new and vital “bugs” with which Facebook rewards all developers.
If we add SSL support to avoid this message, the result is a more aggressive message, in Internet Explorer, Chrome, … in which it indicates that our application is using secure elements and non-secure elements. This is due to bug 15200. By which Facebook’s JS adds, like it or not, an http (non-secure request) inside our secure page (https) to FB’s canvas_proxy.php.
The ironic thing, something Facebook has accustomed us to, is that they say it is already solved, but we can check that it is not.
The solution is on our part (while they don’t solve it completely) by adding the following line:
FB._https = document.location.protocol == "https:";As the first line inside the window.fbAsyncInit code
window.fbAsyncInit = function() {
FB._https = document.location.protocol == "https:";
FB.init( ...
Comments