I have a Facebook app which is defined in Facebook as localhost.
I have it installed on a windows server 2012 with a self signed certificate issues to that server name.
In the IE (and chrome), if I open https://localhost it doesn't go through the Facebook and fails on certificate, if I open https://servername it goes through the Facebook but again, doesn't open claiming it doesn't have a valid security certificate.
I created 2 certificates, one for localhost (issues by "localhost") and one for the servername, both don't work.
I tried everything I could find online and some advice from friends including changing security settings on IE.
Any ideas will be appreciated
Thank you
Related
Since recently I can not test applications on localhost. There is no canvas url anymore to be set, only secure canvas url and it asks for https url. Even test apps do not have this option. So I have to buy another ssl and domain for testing pourposes only? If someone has the same problem or a solution please let me know. Cheers!
Just put in https://localhost and accept the unsafe message in the browser, you don´t need to buy a certificate.
You can also use a self-signed certificate, as explained in other threads:
create a trusted self-signed SSL cert for localhost (for use with Express/Node)
How do I allow HTTPS for Apache on localhost?
Thank you luschn for pointing that about self signed stuff out because just putting https://localhost will not work anymore.
It seems that facebook made some changes and that you can only test your apps on localhost if you create a self signed certificate with openssl tool. Then you can enter in secure canvas url something like https://localhost:3000/ and in app domains localhost and it seems to work. Other than creating selfsigned certificate I could not make it work on localhost.
Now I'm trying to use the sample code in facebook PHP SDK.
Though I can use localhost to view my web on Google Chrome broser,when I fill the URL
(I use APPSERV as my server)
localhost in the "Secure Canvas URL" blank, it always says server connection denied.
(I'm not sure if the message in English is correct.It shows "伺服器拒絕連線"on my broswer)
Thanks for everyone who answers my question.
You can not develop your facebook app on your localhost without SSL anymore.
Facebook made Secure Browsing default and no way to undo it.
So if you want to test your own app on localhost you have to self signed your app.
https://www.facebook.com/notes/facebook-engineering/secure-browsing-by-default/10151590414803920
I'm developing a Facebook canvas app. I don't have a SSL certificate so I've been using a plain http:// URL + sandbox mode for the creation and testing process.
Suddenly I realized my Facebook account turned to Secure Browsing mode and I'm unable to turn it off via Account Settings >> Security >> Secure Browsing. There is no "edit" button. None of my co-workers experienced the same problem. Their Secure Browsing option is off, editable and the app is visible. Anyone familiar with the same issue?
If you're testing your app you shouldn't really need to disable HTTPS, nor is that really a representative test if you're using HTTP but almost all your users will be using HTTPS (as is the case with Facebook)
It'd be better to get a free cert from startssl.com or similar free CAs, use OpenSSL to generate an in-house CA or self-signed certs, or accept the certificate warnings from the default cert that ships in your webserver, if any, than to disable the secure browsing option on your Facebook account for this purpose;
As for the option itself in the Facebook setting, that's somewhat off topic for here, and I'm unsure what the exact status is but I believe the option to browse Facebook insecurely is being phased out
Another option for testing is to run a test server with a separate proxy to your production environment (e.g nginx) for test purposes and log all the traffic to that server for debugging
We develop local apps that redirect to a secure web host which then sends the relevant FB app info to our FB app which in turn redirects back to our web server which redirects back to our local app. The local app stores the relevant FB user info so that user interaction is then posted to FB as per their approval. Everything works perfectly except for our latest project.
Our latest project running in Dubai is having latency issues between FB, the web server and our localhost on its return from the FB app authorisation. When the PHP script execution time was set to 30 seconds the redirect would timeout. We have increased this execution duration and the app works again but the wait is not ideal as ppl are queued in malls waiting to try out the activation.
I see it is possible to setup SSL on the localhost server as per: How do I allow HTTPS for Apache on localhost?
So my question is: Would FB allow this SSL connection or would the certificate have to come from an authority on a certified web server?
I was thinking of using the localhost WAMP server as the web server aswell and setting up its own OpenSSL to try reduce the latency issues.
I never built the original application so does the FB PHP SDK even need to be hosted on a secure site?
I am working on my first app for Facebook and facing (probably) with the SSL problem. If I am testing the app, so it's working well. But then I wanted to test the app by my friend - so I assigned him the role "Tester", he accepted it and I sent him the link to the app.
If he opened the app, he got the error The website is not available - Error 501 (net::ERR_INSECURE_RESPONSE): Unknown error
I started google it and it looks that the cause is the missing SSL certificate on my hosting, where the app is stored.
BUT - how is possible, that the app is working me well without the SSL and to my friend doesn't? If the SSL is required for Facebook apps, why I didn't get the same error?
(I set Secure Canvas URL: to https://example.com/fb-app-directory/, however I don't have at this domain and hosting any SSL certificate).
I never used before SSL. I bought the domain name on Namecheap and hosting on Hostgator. So now, I should buy a SSL certificate from the offer (http://www.namecheap.com/ssl-certificates.aspx) of Namecheap, right?
Would be suitable for the Facebook app the cheapest one?
Look, this SSL problem can only be solved by purchasing a valid SSL certificate or looking for a server which can host your app and is SSL certified such as:
phpfog.com - Provides you with some limited space and database service.
heroku.com - Does not provide any storage space for saving dynamically generated data. To have that service, you have to buy the Amazon buckets service which, again, is a costly affair.
If you don't want to invest any money, I would recommend that you go with phpfog - it is easy and its documentation is pretty good.
You should buy an SSL cert in order for everyone to be able to access your app. Your friend probably has his settings set so that he browses Facebook securely, in this case he is hitting https://example.com/fb-app-directory/, not your actual URL.
The cheapest one isn't the best one, but it should work as long as it's valid. I would suggest using Heroku though, as that way you get everything you need - for free :)
Use a proxy in heroku.com and bring your page in secure domain as https://yourapplication.herokuapp.com/
"Starting October 1, 2011 Facebook will require a valid SSL Certificate for all pages and applications hosted outside of Facebook."
http://www.wpcode.net/fb-ssl.html/
Maybe you are visiting your application with http://apps.facebook.com/... and your friend is visiting with https://apps.facebook.com/....
Another possibility is that your friend has checked "Browse Facebook on a secure connection (https) whenever possible" under "Account Security".
Try ngrok. It exposes a local web server with just one command:
ngrok 80
After this you can access your localhost like this: xxxxxxxx.ngrok.com