i am making a facebook tab which using iframe to show the tab content from other url. Everything work fine but when users use secure http connection (https) the tab no longer loads and shows error saying page not secure.
The pages that the iframe showing is not using ssl. Do i need to have a ssl to show the page in secure connection or i have to change some setting in facebook?
You will need to buy an SSL certificate, make sure it is properly installed on your server, and make sure your the page is properly working over SSL (no warnings). Once this is setup, plug the SSL url of your page onto your fan page tab application settings, and it will work. You will want to do this as Facebook is continually encouraging users to enable the always-on SSL option on their account, and at some point SSL may be the only option on Facebook and they probably won't give you much of a warning to enable it.
for now it's an option to have ssl certificate but starting from October the first, it will be required
i have set up my application, it works well for almost all browsers except google chrome, it seems to have a warning about my secure url of the ifram and doesnt load it, the only way i could work around it is visiting the actual url of the iframe, confirmed the ssl warning, then went back to the application on fb, so it finally worked
lousy solution i know, but there was nothing else i could do
Related
The site that I am embedding for my app on Facebook is SSL enabled and hitting the https page on a normal browser brings up the site as expected. For now, my SSL certs are self-signed.
However, when I try to run the app on Facebook, it fails to load the page. There are no errors except the image below. Mouseover on the icon shows a "NULL":
So my question is, does this have to do with the fact that my SSL certs are self-signed? Or is there some other reason for this?
Also, I am not able to check if the non-secure page (http) works on the app as Facebook does not allow me to switch off my secure browsing mode.
After obtaining commercial SSL certs, it now works. So I guess any SSL certs that result in a browser prompt asking the user to continue would not work in an embedded canvas on Facebook.
I'm using a self generated SSL certificate on my localhost IIS and pointed my facebook sercure Iframe app URL to https:\localhost but just get a blank page.
when browsing to it not within FB, it gives me the cert warning and then after i add it as an exception, it goes through to the site fine.
using http:\localhost for the non-secure url works fine
any ideas why i'm getting the blank page?
As I know FB checks your certificate and if it not valid it just wont load your app in the iframe. You can try this service that seams to be intended to exactly this kind of problems: http://www.social-server.com/.
Don't stress if you can't afford an SSL certificate for Facebook's SSL migration...
...Use this FREE service to adapt your Facebook pages so that it's viewable over an HTTPS connection.
I coded a stub application for Facebook.
When I'm trying access the app url (http://apps.facebook.com/myappname) it all works fine. It works from other servers as well.
However, a specific co-worker of mine is also trying to access it and he gets redirected to facebook.com
A day ago he was able to log-in, and we are not aware of any changes.
Thoughts, anyone?
This is common for when you don't have the required SSL server's url in the app settings. That other user that was redirected has allow only https set in his user preferences. Since you have no https version set, then he gets redirected away. If you do have the SSL server's url in your app settings, then the SSL cert may be bad. Many people try to get away with using a "fake" cheap SSL cert. The cert must be a real (read: expensive) one.
Since FBML apps canvas url(s) are not directly accessible by the end user, I suppose not , but can anyone confirm this ?
Confirm: "An SSL Certificate is required for all Canvas and Page Tab apps (not in Sandbox mode and not FBML)." See here: http://developers.facebook.com/docs/oauth2-https-migration/
Though I am currently getting mixed content warnings in IE and Firefox when using Facebook in https mode and then loading content over http in the app. So users of your app might get kinda bad feeling if you do not serve your content over https.
UPDATE:
Facebook:
"We have heard that there is some confusion about whether FBML apps
must support HTTPS. FBML developers still need to know whether users
are browsing Facebook over a secure connection since they need to
detect whether to serve iframe or video content over HTTPS. As a
result, FBML apps must obtain SSL certificates in order to serve this
type of content to users browsing over a secure connection. If you
have an FBML app, please obtain an SSL certificate for your app to
receive traffic from users browsing Facebook over a secure connection.
If you enable SSL for your FBML app, please make sure that your SSL
certificate includes all intermediate certificates in the chain of
trust as our SSL validation is strict. You can use third-party SSL
analysis tools (e.g., https://www.ssllabs.com/index.html) to check
your certificate status and fix any errors (and warnings). If your SSL
certificate has problems, you may see "Empty response received" error
when you load your FBML canvas app."
https://developers.facebook.com/blog/post/567/
So I created a facebook app using iframes, I'm using it as a tab on a facebook page and it works.
But if I use HTTPS, the tab isnt even there.
Anyone know how to fix this?
thanx
Facebook recently enabled the ability for users to set their accounts to use secure browsing (https / ssl). In your application settings > Facebook integration section you now have 2 fields: Secure Canvas URL & Secure Tab URL which in order for your app to work if a user has enable secure browsing, you will need to fill those in. This also requires that the server you are hosting your app on has a valid and configured SSL certificate.
If you are browsing over HTTPS (which is a something a user can now enable in their FB account settings), then the iframe will need to be pulled in over a secure connection too.
This is a known issue (marked as fixed and resolved - http://bugs.developers.facebook.net/show_bug.cgi?id=15200) and, rather than attempting to simply call the same URL over HTTPS, Facebook now provide a separate field under the integration settings for the URL of a secure version of the iframe. If this does not exist, then the tab will not display over HTTPS.
Sergiogx, make sure you filled both fields Canvas Tab URL and Secure Canvas Tab URL. I'm using free facebook page hosting from http://hostfb.com and they also provide SSL support.