Reputation: 41
How does Facebook combine SSL and non-SSL content?
I have forced Facebook to use SSL. When I add for example a Vimeo video (non-ssl) to my timeline, my browser shows the green secure connection icon and there are no annoying errors about mixed content.
I know you can use a proxy for some content so the browser thinks it still is secured, but when using the Vimeo iframe, there's a lot of content going straight to the non-sll external urls.
How do they do this? Thanks!
Upvotes: 1
Views: 436
Answers (1)
Reputation: 164337
They don't combine, if the user is using https then all the static content is from https as well.
When you load the timeline there are no videos that are loaded, only preview images per video, and those images are hosted in the facebook CDNs which have https access.
Even when you click the video preview, an iframe is created instead which loads the video, but that too is from https and from the facebook servers.
For example, I shared (liked) a video on Vimeo and in my timeline I saw the preview, as I wrote the image was hosted on the facebook CDN server and used https. When I clicked on it an iframe was created instead of the image and it's source was:
Inside that iframe they placed the embed code for the vimeo video widget which also was loaded in https (https://vimeo.com).
If mixing http and https content then the browser will complain about it. Each browser has it's own way of complaining of course. Facebook can not bypass this, and so they just make sure to use https for all content if the user is using it.
Upvotes: 1
Related Questions
- Facebook Connect over https
- Facebook App - secure canvas - SSL
- Facebook app with ssl certificate
- Facebook Like on HTTPS
- When facebook application use Secure Canvas?
- SSL Only Facebook Page Tab
- How do sites like facebook hide the password details when the url does not start with https?
- How does facebook rewrite URLs in Chrome & Firefox?
- Facebook and SSL partially encrypted
- facebook ssl content folder