Reputation: 1
IFrame facebook app with httpS
Is there a way to run an HTTP*S* application as IFrame facebook app? if not, how can i prevent replay attacks and make sure that the content passed between the browser and the server is not captured. Also, is it possible to have Ajax calls to the server going over secure channel?
Thanks, Pomponius.
Upvotes: 0
Views: 1018
Answers (1)
Reputation: 8932
All you need to do is set your canvas URL to an https url. However, you are going to run into a number issues such as the Facebook Javascript SDK is not hosted on https. Also, you should be aware that Facebook itself is susceptible to relay attacks so you aren't really going to be able to fully mitigate the problem. As far as making AJAX calls to your server you have complete control over that so as long as your client side javascript and your server support this then it won't be a problem.
Upvotes: 1
Related Questions
- Facebook iframe triggers unsecure/secure warning
- FaceBook loading HTTPS hosted iframe apps via POST
- HTTPS iframe in HTTP page, browser false warnings
- facebook iframe app is blank when using https
- Facebook Iframe App - prompting for secure content although I have SSL installed?
- https pages in facebook app/iframe
- Facebook iFrame app. Do I really need secure url also?
- Facebook iFrame tab problem with secure url (https)
- Facebook application iframe problem
- Making Safari work with my iframe-based Facebook app