I built an app for Facebook on my system and then planned to move it into ShortStack so I could easily publish it to Facebook. Unfortunately, while everything loads correctly in ShortStack, nothing loads on the Facebook page. I think this is due to mixing HTTP and HTTPS, but I've never had my browser complain about this before, so I'm not sure what to do.
How can I either A) circumvent Facebook's HTTPS requirement so that my iframes load
or B) determine a different root cause of this problem?
Facebook apps must be served using HTTPS (unless they are in sandbox mode). That means you must get an SSL certificate. You can get one for free from http://StartSSL.com, for example - I have had only positive experience with them.
Related
Pretty much what the title says.
There are tons of questions about this but the vast majority was only a matter of a missing HTTPS URL, a couple are due to misconfigured app restrictions, and the rest are unsolved.
I have no country or age restrictions in my app, I have both an HTTP and an HTTPS URL, I can see the page when logged in as a page admin and everything works fine, but when visiting the page while logged out, I don't see the tab.
Also, this is not a matter of clicking the tab and not having any content displayed, like in some other questions here. If I'm logged in with my The actual tab link is missing and if I copy the tab URL from when I'm logged in and then try to access it while logged out, I am simply redirected to the page.
I don't think it matters much but this is a tab that has been created via the Graph API. The Graph API docs don't mention anything about tab visibility, at least as far as I see.
This is driving me crazy, I've been at it for hours and can't find any solution or even a hint at what the problem might be.
Any ideas?
EDIT: All I described above is happening with our staging application, which has a self-signed SSL certificate. The live application, which has a "proper" SSL certificate, works just fine. Could the self-signed certificate be the cause of the problem?
Had the same issue this morning. Remove any audience restrictions from your app, e.g. 13+ or location, as this means people have to log in to see your app.
So it turns out it was stupidly simple: it was happening on our staging application but not on our live application because our live application uses a non-test FB app, while staging uses a test FB app, which is never seen by people who are not developers (or other staff) on that app.
Talk about wasted time...
I recently made an iframe app/page for my FB fan page with woobox. I have 100% SSL hosting; however, a lot of users are saying that they are unable to load this iframe site. Everything works 100% for me and many other visitors, but some are saying that the page displays some server connection error. Any ideas? Maybe I need to include some FB scripts in order for the iframe page to work 100%?
When I load the app with this iframe, the connection is secure, so SSL shouldn't be the prob. I did however get very cheap SSL, can this be the problem?
Likely what is happening is that while your Facebook connection is secure, the contest in the iframe is still pointing at the http:// version of your page and not the https:// version. Most static iframe apps aren't smart enough to check this, so they serve insecure content on a secure page.
The majority of browsers will be fine with this, but some people might have their browser security settings tweaked a little bit differently and that's probably where you're seeing people unable to access your frame content.
An easy solution is to just have the static iframe app ALWAYS direct to your https:// content; that way, what you're serving is secure whether or not the user is browsing Facebook on http:// or https://.
I'm working on an iframe-style app that pulls the Facebook-optimized page available at http://store.starrco.com/?store_mode=facebook. I've done other, admittedly much simpler, iframe apps before without issue, but though I've configured this one more or less the same, when I try to view the canvas URL it remains blank.
My settings can be seen here: http://www.abstraktmg.com/clients/starrco/starrcofbsettings.jpg
I've tried a few different permutations of this with the same results, this is the most complete setup though and most closely matches the settings template I was given.
This page is being generated by Webasyst's shop-script, which is specifically supposed to support this. The obvious answer then is to contact their support which I did, but after assuring them that my app settings matched their template, they said I needed to contact Facebook support and this is as close as I could find to any proper support system.
I checked both http and https versions of store.starrco.com/?store_mode=facebook and both worked outside of Facebook.
However, there may be some framebusting code which might prevent the site from being loaded in an iframe. And I see that your settings appear to be missing the app domain entry.
I ran into the same problem, especially in Chrome and Firefox. The problem is, when the user is surfing with https on Facebook, the https version of the iframe is called. But the browser does not show invalid certificate problems until you right click page information.
You need to have a signed SSL cert by a CA trusted in the browser.
If the user has accepted it without the iframe - outside of Facebook, it works.
I noticed a site that offers a free secure adaptor for page tab apps.
Looking at the source code, I saw that the adaptor was basically an iframe running my old insecure URL inside an HTML file hosted on a secure server.
Is such a solution going to last for Facebook?
From what I read about SSL, this doesn't seem entirely legit and I wouldn't want to start using such a service and then discover that in a month or two Facebook will block these practices or that this sort of "secure" page will generate all sorts of browser warnings.
I don't really deal with Facebook data (except for signed_request and app_data), my app requires no permissions and no data from the user, so I won't need to interact with Facebook in my secure version, other than asking for the signed_request and possibly app data.
Wouldn't you still have a mixed content warning if the initial content is loaded over HTTPS and your original page is loaded over HTTP in an iframe?
Unless I'm missing something here, this solution is only going to solve the 'Facebook says I need a secure URL' problem, not 'Facebook says I need a secure URL so people can access my app over HTTPS without problems'.
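The mixed-content situation described in the two answers above (an HTTPS Facebook page or HTTPS "adaptor" wrapper framing an http:// URL) can be checked offline. This is an added example, not code from any of the posts; the host names and the sample wrapper page are constructed, and the blocked/warning split reflects how current browsers treat insecure frames and scripts versus insecure media.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# On an HTTPS page, insecure frames and scripts are blocked outright by
# current browsers; insecure media is usually upgraded or flagged instead.
BLOCKABLE = {"iframe": "src", "script": "src"}
DISPLAY = {"img": "src", "audio": "src", "video": "src"}


class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (severity, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        attr = BLOCKABLE.get(tag) or DISPLAY.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if not value:
            return
        # Resolve relative and protocol-relative (//host/path) references
        # against the embedding page, the way the browser does.
        resolved = urljoin(self.page_url, value)
        if urlsplit(resolved).scheme == "http":
            severity = "blocked" if tag in BLOCKABLE else "warning"
            self.findings.append((severity, tag, resolved))


def audit(page_url, html):
    """List insecure subresources; an HTTP page has no mixed content."""
    if urlsplit(page_url).scheme != "https":
        return []
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample: an HTTPS wrapper page that frames an HTTP tab URL.
ADAPTOR_PAGE = """<html><body>
<iframe src="http://apps.example.test/tab/index.php"></iframe>
<img src="//cdn.example.test/logo.png">
<script src="/js/app.js"></script>
<img src="http://apps.example.test/banner.png">
</body></html>"""

if __name__ == "__main__":
    for finding in audit("https://adaptor.example.test/wrap.html", ADAPTOR_PAGE):
        print(*finding)
```

The same markup audited under an http:// page URL returns nothing, which matches the reports that the tab works for some visitors and fails only for those browsing over HTTPS.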
I am making a Facebook tab which uses an iframe to show the tab content from another URL. Everything works fine, but when users use a secure HTTP connection (https), the tab no longer loads and shows an error saying the page is not secure.
The page that the iframe is showing is not using SSL. Do I need to have SSL to show the page over a secure connection, or do I have to change some setting in Facebook?
You will need to buy an SSL certificate, make sure it is properly installed on your server, and make sure your page is properly working over SSL (no warnings). Once this is set up, plug the SSL URL of your page into your fan page tab application settings, and it will work. You will want to do this as Facebook is continually encouraging users to enable the always-on SSL option on their account, and at some point SSL may be the only option on Facebook and they probably won't give you much of a warning to enable it.
For now it's an option to have an SSL certificate, but starting from October the first, it will be required.
I have set up my application, and it works well for almost all browsers except Google Chrome. It seems to have a warning about the secure URL of my iframe and doesn't load it. The only way I could work around it was visiting the actual URL of the iframe, confirming the SSL warning, then going back to the application on FB, so it finally worked.
Lousy solution, I know, but there was nothing else I could do.