I'm putting analytics on a facebook application and i'm unsure what the protocol would be.
Here's a screenshot from the analytics set up
In general I would prefer https. No idea what google does with it but https is the best way to share your application and its contents. If you run your App in a facebook iframe tab your app has to be reachable via https. That means that the content also gets shared via https (because FB will call your app by the users privacy settings (http or https)).
So all my apps and their sharing URLs are set to https so that the like-count etc. are the same and are reachable whether called via FB or not. Because of this I would prefer the https way.
Facebook now requires https for all applications, so I don't see any reason not to use https for your analytics script.
However, if you use a protocol-less url, your browser will figure out for you. E.g.
<script type='text/javascript' src='//www.google.com/yourscript.js'></script>
Related
I have a app ( web, ios and android ).I want to the create a Facebook canvas app where it will only show the first page of our web app.To achieve this.I created a Facebook canvas app in Facebook developer console.I filled the details which was required (Secure Canvas URL : https://example.com ,Mobile Site URL : https://example.com ) I am not sure what is secure canvas url meant so I put the link of my web app.But when open the canvas page
( https://apps.facebook.com/some_id).It is giving 405 Not allowed error.After digging I found out that Facebook is making a post request to my web app with a signed request ( not sure what it is ). How do I show my web page on facebook canvas page.Please explained to me how this things works and how can I achieve it.Thanks in advance.
Facebook loads app into the iframe by making a POST request to your app URL. You typically get a 405 Not allowed when your URL does not accept POST requests.
Many webspace providers have a setup where POST requests to “static” resources (such as .htm/.html files) are not allowed.
So you need to either change that in the webserver configuration (might be possible via .htaccess on an Apache; ask your server admin/support if you’re not sure), or you need to use a different “file type” for your app’s base URL that you want to load into canvas - for example, if PHP is available, the configuration usually allows POST requests to PHP scripts by default.
No problems with making our webserver secure. App on Facebook runs fine IF 'secure browsing' opted in (user-setting). How can we make our App visible for visitors who has not opted in on 'secure browsing'?
Do we have to make a copy of the site on a insecure (http) server? Or is there another solution? (force to non-ssl via htaccess)
There should be no issue with setting both app urls, in your Facebook app settings, to use the https url.
Facebook and their app partners seem to achieve this.
If you look at the Farmville URL you can see it's serving over SSL: https://apps.facebook.com/onthefarm/?ref=ts
Facebook then iframe in the content from the game provider (Zynga) using another SSL iframe src. But then you see ad code called via non-secure external JS calls.
What are the rules/techniques concerning delivery of non secure page elements (Flash, images etc) without mixed content warnings in iframes when the top level page is serving over SSL?
SSL Page (Facebook) > SSL iFrame (App Provider) > Non-SSL iFrame (App Provider) > HTTP image/Script call?
You can't really use a custom app page without using SSL. But if you are looking for a free alternative you can use facebook app provides like http://devcenter.heroku.com/articles/facebook
You can even use dropbox as an free alternative if you wanna host your iFrame fan page.
For a paid and best solution, you would need an web hosting and a domain with dedicated IP and SSL installed on it.
I noticed a site that offers a free secure adaptor for page tab apps.
Looking at the source code, I saw that the adaptor was basically an iframe running my old insecure url inside a html file hosted on a secure server.
Is such a solution going to last for Facebook?
From what I read about SSL, this doesn't seem entirely legit and I wouldn't want to start using such a service and then discover that in a month or two Facebook will block these practices or that this sort of "secure" page will generate all sort of browser warnings
I don't really deal with Facebook data (except for signed_request and app_data), my app requires no permissions and no data from the user, so I won't need to interact with Facebook in my secure version, other than asking for the signed_request and possibly app data
Wouldn't you still have a mixed content warning if the initial content is loaded over HTTPS and your original page is loaded over HTTP in an iframe?
Unless I'm missing something here, this solution is only going to solve the 'Facebook says i need a secure URL' problem, not 'Facebook says i need a secure URL so people can access my app over HTTPS without problems'
I am trying to use the Facebook javascript sdk for my chrome extension. Since it is a chrome extension how do i integrate it with facebook? is it an app on facebook.com or a website?
Currently i have it as a website.
my site url on the settings is:
http://localhost/Users/home/Documents/facebook/
i have also enabled web sharing on my mac.
do i need to set the site domain as well? what am i doing wrong here?
Enter http://localhost/Users/home/Documents/facebook/ as your "Site Domain" on the developer app:
https://developers.facebook.com/apps/{api_key}/summary
Replace {api_key} with yours; or find a link at https://developers.facebook.com
Interestingly enough, Facebook lets you type anything into the domain so it can be an offline URL (such as localhost or a local port) and Facebook will redirect to it after authentication.
You can test Facebook applications locally if you add an entry to your hosts file which points to any subdomain of the root domain you gave Facebook. For example, if your domain is example.com, you can add entry to your hosts file pointing fbtest.example.com to localhost (127.0.0.1).
You can then test away locally without having to edit your Facebook app configuration (assuming your local server is set to serve the same content to all subdomains).
Alternatively, if it's important to have the exact domain, you can just add an entry for the root domain. It just means you won't be able to access the live site while testing.
In order to develop and publish a Facebook application, you must provide a web accessible URL that Facebook can query. If you have webspace you can upload to or make your IP available to the web for Facebook to call, it should solve your problems.
Facebook will allow you to put just about any valid url into the box, however when you go to use it for logins or general use, you will begin to notice errors, since Facebook's spider cannot fetch the url.
Check the 'Desktop Apps' section of https://developers.facebook.com/docs/authentication/
This explains how to do authentication where there's no server involved, it's aimed at desktop apps but a browser toolbar should work in a similar way