I recently made a iframe app/page for my FB fan page with woobox. I have 100% SSL hosting, however, a lot of users are saying that they are unable to load this iframe site. Everything works 100% for me and many other visitors, but some are saying that page displays some server connection error. Any ideas? Manye I need to include some FB scripts in order for iframe page to work 100%?
When I load the app with this iframe, connection is secure so SSL shouldnt be the prob. I did however get very cheap SSL, can this be the problem?
Likely what is happening is that while your Facebook connection is secure, the contest in the iframe is still pointing at the http:// version of your page and not the https:// version. Most static iframe apps aren't smart enough to check this, so they serve insecure content on a secure page.
The majority of browsers will be fine with this, but some people might have their browser security settings tweaked a little bit differently and that's probably where you're seeing people unable to access your frame content.
An easy solution is to just have the static iframe app ALWAYS direct to your https:// content, that way, what you're serving is secure whether or not the user is browsing facebook on http:// or https://
Related
I'm using a self generated SSL certificate on my localhost IIS and pointed my facebook sercure Iframe app URL to https:\localhost but just get a blank page.
when browsing to it not within FB, it gives me the cert warning and then after i add it as an exception, it goes through to the site fine.
using http:\localhost for the non-secure url works fine
any ideas why i'm getting the blank page?
As I know FB checks your certificate and if it not valid it just wont load your app in the iframe. You can try this service that seams to be intended to exactly this kind of problems: http://www.social-server.com/.
Don't stress if you can't afford an SSL certificate for Facebook's SSL migration...
...Use this FREE service to adapt your Facebook pages so that it's viewable over an HTTPS connection.
I'm working on an iframe style app that pulls the facebook optimized page available at http://store.starrco.com/?store_mode=facebook. I've done other, admittedly much simpler, iframe apps before without issue but though I've configured this one more or less the same when I try to view the canvas url it remains blank.
My settings can be seen here: http://www.abstraktmg.com/clients/starrco/starrcofbsettings.jpg
I've tried a few different permutations of this with the same results, this is the most complete setup though and most closely matches the settings template I was given.
This page is being generated by Webasyst's shop-script, which is specifically supposed to support this. The obvious answer then is to contact their support which I did, but after assuring them that my app settings matched their template, they said I needed to contact Facebook support and this is as close as I could find to any proper support system.
I checked both http and https versions of store.starrco.com/?store_mode=facebook and both worked outside of facebook.
However, there may be some framebusting code which might prevent the site from being loaded in an iframe. And I see that your settings appear to be missing the app domain entry.
I ran into the same problem, especially in Chrome and Firefox. The problem is, when the user is surfing with https on Facebook, the https Version of the iframe is called. But the browser do not show invalid certificate problems until you to right click page information.
You need to have a signed SSL cert by a CA trusted in the browser.
If the user has accepted it without the iframe - outside of Facebook, it works.
I noticed a site that offers a free secure adaptor for page tab apps.
Looking at the source code, I saw that the adaptor was basically an iframe running my old insecure url inside a html file hosted on a secure server.
Is such a solution going to last for Facebook?
From what I read about SSL, this doesn't seem entirely legit and I wouldn't want to start using such a service and then discover that in a month or two Facebook will block these practices or that this sort of "secure" page will generate all sort of browser warnings
I don't really deal with Facebook data (except for signed_request and app_data), my app requires no permissions and no data from the user, so I won't need to interact with Facebook in my secure version, other than asking for the signed_request and possibly app data
Wouldn't you still have a mixed content warning if the initial content is loaded over HTTPS and your original page is loaded over HTTP in an iframe?
Unless I'm missing something here, this solution is only going to solve the 'Facebook says i need a secure URL' problem, not 'Facebook says i need a secure URL so people can access my app over HTTPS without problems'
I have lots of Facebook Fanpages, and I have been told on many occasions to change to iFrames. Facebook developing isn't really my main thing so I havent kept upto date with the change as FBML worked for me.
I have asked a recent question about rotating images and it seems that iFrames will be able to handle this.
Can you tell me what are the good things about iFrames?
Is there an iFrame service without thirdpart branding (i.e WildFire logo at the bottom of page)
Thanks for your help
You should be switching as soon as possible from fbml fan pages to iframe fan page because the FBML pages have been deprecated (you can't create new fbml pages) and it is likely Facebook will start killing FBML page support for existing pages, with little to no notice.
The biggest benefits are almost all javascript code will run now and without making a user first click somewhere. Laying out pages is a lot cleaner. And you don't have to learn the fbml tags. You just make a web page like you normally would and it should run just fine, as long as you understand that iframe code is sandboxed due to cross domain limitations so you can't try to modify its parent (the Facebook page)
I don't know of any iFrame services, but iFrame pages are so simple - you just host a plain html file or webpage somewhere on a server anywhere and tell Facebook the url for it. Do note though that the site it is hosted on should have an SSL certificate for users that visit your page with HTTPS enabled on their Facebook account.
i am making a facebook tab which using iframe to show the tab content from other url. Everything work fine but when users use secure http connection (https) the tab no longer loads and shows error saying page not secure.
The pages that the iframe showing is not using ssl. Do i need to have a ssl to show the page in secure connection or i have to change some setting in facebook?
You will need to buy an SSL certificate, make sure it is properly installed on your server, and make sure your the page is properly working over SSL (no warnings). Once this is setup, plug the SSL url of your page onto your fan page tab application settings, and it will work. You will want to do this as Facebook is continually encouraging users to enable the always-on SSL option on their account, and at some point SSL may be the only option on Facebook and they probably won't give you much of a warning to enable it.
for now it's an option to have ssl certificate but starting from October the first, it will be required
i have set up my application, it works well for almost all browsers except google chrome, it seems to have a warning about my secure url of the ifram and doesnt load it, the only way i could work around it is visiting the actual url of the iframe, confirmed the ssl warning, then went back to the application on fb, so it finally worked
lousy solution i know, but there was nothing else i could do