Primoz Rome

Reputation: 11021

Facebook canvas apps HTTPS and HTTP

I have created two Facebook canvas apps. I am having problems with people accessing the apps. In the app settings you must enter:

Canvas URL
Secure Canvas URL

Secure Canvas URL won't accept HTTP links, only HTTPS. When some of my users go to my app link like http://apps.facebook.com/my_app Facebook automatically redirects them to https://...

Canvas app content is loaded from my server, which is only accessible via HTTP. The users who are redirected to https://apps.facebook.com/my_app then cannot load my app, since Facebook canvas wants to load content from my server via HTTPS. How do I solve this without enabling SSL on my server?

And not all users are redirected to https://apps.fa...? How is this handled?

Upvotes: 5

Views: 16262

Answers (4)

UnTechie

Reputation: 365

I have come up with an interesting hack for this problem.

You can create an HTML file that is accessible over HTTPS that just redirects to your webpage. For example, you can use Dropbox. Since Facebook loads your secure canvas URL page in an iframe, your code needs to redirect the top page. Something like this:

<html>
  <head>
    <script>
    function onLoad() {
      window.top.location.href="<your website>";
    }
    </script>
  </head>
  <body onload="onLoad()">
    <p>Please wait while you are being redirected to <your website name>…</p>
  </body>
</html>

And provide this link as the secure canvas URL. I blogged about this in more detail - http://blog.almabase.com/post/84579042935/interesting-hack-for-facebook-secure-canvas-url

Upvotes: 8

TJHeuvel

Reputation: 12608

Facebook users that have explicitly said they want to use HTTPS in their account settings get redirected to HTTPS. Your application has to support HTTPS by October 1st, as announced by Facebook here: https://developers.facebook.com/blog/post/497

Upvotes: 2

BBog

Reputation: 3650

Without enabling SSL on your server, you could try social-server.com. However, this is only a quick workaround. Your users might get nasty security messages from their browsers while using HTTPS.

The best solution is to buy an SSL certificate if you still want to develop Facebook apps.

Upvotes: 1

chwk

Reputation: 441

Basically, you must provide HTTPS support. At the moment, you can still leave the Secure Canvas URL field empty to avoid doing so, but it will be required starting October 1st.

Upvotes: 7
