I have read that Facebook requires that iframe pages uses secure connections (SSL).
But I am now setting up my first app and there are two fields, one "Canvas URL" and another for "Secure Canvas URL".
Has the Facebook policy changed? Is it possible to use an iframe with an non-secure canvas url?
Secure canvas urls are not required in these scenarios:
The app is in sandbox mode and you are a developer or someone who can view the app in sandbox mode.
The app is public
and the user of your application has not enabled secure browsing on
their Facebook account.
If your app is live (not in sandbox mode) and you want ANYONE to use your app, the you will need to get an SSL certificate for your server and add the secure URL to your app's settings
Here is a blog post from Facebook about the change they made in October 2011 http://developers.facebook.com/blog/post/2011/09/09/platform-updates--operation-developer-love/
Sorry in advance for my bad english:
Fb policy has changed a lot in the last period.
Actually you NEED absolutly 2 canvas urls:
"standard" canvas (simply, link the host where the app/program is
stored)
secure canvas (you need to buy a facebook certificate for your host where app is stored)
Basically the app works if you have and also if you don't have a SSL certificate, but people who have setted a strong app privacy on their fb accounts, aren't able to see your app
(browser displays an error message: "this website is not secure bla bla, ecc")
Yes, you need a SSL certificate, but you can get 1 free cert in startssl.com.
Related
I am developing an application in my local machine.
I let users invite their Facebook friends with a Facebook request Dialogue.
The friends then click the link in their Facebook and are directed to the canvas page and then redirected out of Facebook to my local site.
Do I need to have an SSL certificate and if so how can I have one when I am developing locally so I can test my site?
From Facebook Oct.1 deadline blog post, SSL is not required for sandbox apps. So you can continue to develop apps without SSL certificate as long as you enable sandbox in your app.
In my case, temporary DISABLE secure browsing setting in 'Account Setting'.
http://gyazo.com/39e4dd5087636ebc3024d2285ab3e33a.png
Forward works great for developing facebook apps locally, supports SSL too.
https://forwardhq.com/in-use/facebook
You need a certificate before October 1st, otherwise your canvas landing page will be blocked by Facebook. If you develop locally and need a SSL cert just for test, see the following trick for IIS:
http://weblogs.asp.net/scottgu/archive/2007/04/06/tip-trick-enabling-ssl-on-iis7-using-self-signed-certificates.aspx
Secure Canvas URL will be required from October 1, 2011. Does it refer to all apps or only to apps running "inside facebook" (iframe apps, apps on fanpages).
Will my website without HTTPS that uses facebook-connect still work? I own app like this one: http://thinkdiff.net/demo/newfbconnect1/php/sdk3/index.php
https://developers.facebook.com/roadmap/
"All Canvas and Page tab apps (that are not using FBML) must convert
to process signed_request (fb_sig will be removed) and obtain an SSL
certificate for use in ‘Secure Canvas URL’ and ‘Secure Page tab URL’
(unless you are in Sandbox mode)."
Only Canvas and page tab apps :)
I was wondering what this information means exactly:
October 1: All Canvas apps must process signed_request (fb_sig will be removed) and obtain an SSL certificate (unless you are in Sandbox mode).
Does anybody have more detailed information on what will happen on the 1st october and the tutorial about how we should switch to secure page tab URL? Will all the applications be unaccessible if we don't do this?
Thank you!
facebook will not allow to add a new app that doesn't have a secure tab url (https)
if facebook will remove all old apps that do not have a secure tab url is not known at the moment.
a tutorial is not needed, the only thing you have to do is to provide https to your apps,
in the apps settings.
there are a lot of free ssl certificate providers out there - or maybe your host provides ssl to your webspace.
http://tinyurl.com/3oqxutj
I have a canvas iframe Facebook app.
I updated the secure canvas URL with https url and it works fine.
since October 1st, it is not allowed to access apps without ssl.
I used to debug my app by creating a duplicate app with localhost as the canvas URL.
Since October 1st (or actually since today...) it is not possible to access it due to the ssl restriction. How can I debug facebook app now??
In your account settings turn off 'Safe browsing' so you will be visiting Facebook without https. Then it does work for me (after turning on Sandbox mode that is).
Turn sandbox on
(source: phpcode.eu)
Apps on Facebook authentication and security migration
All Canvas and Page tab apps must convert to process signed_request (fb_sig will be removed) and obtain an SSL certificate for use in Secure Canvas URL and Secure Page Tab URL (unless you are in Sandbox mode).
So I created a facebook app using iframes, I'm using it as a tab on a facebook page and it works.
But if I use HTTPS, the tab isnt even there.
Anyone know how to fix this?
thanx
Facebook recently enabled the ability for users to set their accounts to use secure browsing (https / ssl). In your application settings > Facebook integration section you now have 2 fields: Secure Canvas URL & Secure Tab URL which in order for your app to work if a user has enable secure browsing, you will need to fill those in. This also requires that the server you are hosting your app on has a valid and configured SSL certificate.
If you are browsing over HTTPS (which is a something a user can now enable in their FB account settings), then the iframe will need to be pulled in over a secure connection too.
This is a known issue (marked as fixed and resolved - http://bugs.developers.facebook.net/show_bug.cgi?id=15200) and, rather than attempting to simply call the same URL over HTTPS, Facebook now provide a separate field under the integration settings for the URL of a secure version of the iframe. If this does not exist, then the tab will not display over HTTPS.
Sergiogx, make sure you filled both fields Canvas Tab URL and Secure Canvas Tab URL. I'm using free facebook page hosting from http://hostfb.com and they also provide SSL support.