HTTPS and FormAssembly - forms

We are using a FormAssembly page to collect feedback - it's hosted within an IFrame on the side of our site's master page.
The thing is, that some parts of our site are HTTPS - viewing and posting the form is ok in HTTPS, but the problem comes with the "thank you" page - we are using the configurable custom thank you page (configured within FormAssembly iteself).
Is there are way we can send the desired response page up (perhaps via a hidden field within the posted form?) - this way we can send the HTTPS link for the HTTPS version of the form and the normal HTTP link for the HTTP form?
Thanks!

I asked this question on the FormAssembly forums and it seems that it is supported via "Aliases", which is a "Pro" feature... seems I have to upgrade :s

I just ran into and solved this exact problem. I am embedding formAssembly code onto my https site and was having problems populating hidden fields. I was able to get the hidden fields to populate by changing all of formAssembly's http references to https. However, that broke my thank you page. To fix the thank you page and keep my hidden fields populating, i changed only www.tfaforms.com/responses/processor back to http: and everything worked.

Related

Web form behaving differently when secure https

I have a web form which I have recently secured with an SSL Certificate.
Since installing the certificate, the form behaves differently - when it was unsecured http it would give an error message if any required field was not filled in eg "This field is required". However, as a secured https page it doesn't give this error message any more and it is possible to submit the form whether the fields are filled in or not.
I'm a little confused because nothing else has changed other than the form page is now secured https.
Any advice on why this might be and how I could fix it would be much appreciated. Many thanks!
If you are using JavaScript for validation, Open the web page with either Google Inspect or Firefox Firebug, Check whether any of the java script is blocking or not... Its looks like some of the .js file is not loading properly.
If the validation are using ASP.NET validator, then there shouldn't be any issues.

very simple app tab iframe - won't load

I created the simplest app ever - I basically just want to iframe my website paleoitforward.com.
>> Here is a screenshot of my app settings
However, I get an error message on the page. You can see it in action here:
http://facebook.com/heathercashart/app_337591392998654
In Chrome, I get the message "This webpage is not available"
In Firefox, I get the message "Firefox can't establish a connection to the server at localhost."
Localhost... how weird?
I can't figure out why it won't load, and I'm not sure how to troubleshoot it :-/
The site loads over HTTPS fine, so HTTPS is not the problem.
Also - FYI - I am a n00b at this Facebook app stuffs... :)
Thanks,
Heather
Ok, I am not exactly sure what fixed this, but I was basically just messing around changing the URL's (adding http, removing http, adding trailing slash, removing it...) and all of a sudden it worked!
Here are the URLs I used that ended up working in case anyone has this problem in the future (make sure you pay close attention to http/https and trailing slashes!):
App domains: paleoitforward.com
Website with Facebook Login
Site URL: http://paleoitforward.com
Page Tab
Page Tab URL: https://paleoitforward.com
Secure Page Tab URL: https://paleoitfoward.com/
Page Tab Edit URL: https://paleoitfoward.com/
In your app settings (the screenshot shows it) you wrote paleoitfoward.com in your page tab settings – missing the R in foRRRRRRRRRRward …
Live is easier if one can read, believe you me :-)

https pages in facebook app/iframe

Got this really weird problem when loading https pages into my facebook app (when the app is running as http://apps.facebook.com/xxxxx).
If i do declare wether its http or https using.
FB._https = (window.location.protocol === 'https:');
On my https pages the facebook javascript api fails silently or atleast the setSize function. When loading http pages into the iframe it works fine.
If i do not declare if its https or not i get a security warning in IE, in all other browsers it works fines.
If i set my settings to run the app as https and all my pages are in https then it works fine.
But the thing is that if a user runs facebook on http, then i must be able to display some pages as https in the iframe, anyone had any similar problem?
Similar problem here - I put together a proof-of-concept for testing. This has been filed as a bug and is apparently being looked at. It might help if you go and +1 the bug report.
If someone is using facebook on http and they visit your app which is set up for https, they will just see the https page. Or you can set up a http canvas page as well as your https one. You don't need to put in any of those workarounds..

Silent failure loading page application in iframe over https

Problem
I have an application driving a tab on a client's page. The application works correctly if the user has not enabled FB's "secure browsing" feature. If attempting to view over HTTPS, the iframe doesn't even appear (no errors, no mixed-content warnings). When correctly loading over HTTP, the div with the id "pagelet_app_runner" has an iframe inserted into it and the application content is loaded inside there. Over HTTPS, this div remains empty and the iframe is not inserted into the page. There are no Javascript errors appearing in Firebug or Chrome's equivalent console.
Why I'm Asking Here
The host has a valid SSL certificate and there is no 'mixed content' at the URL in question. I can successfully view the content over HTTP or HTTPS by visiting the URL directly, and I can do the same by visiting apps.facebook.com/canvasURL/tabURL. It is only when attempting to view within a Page Tab that the HTTPS load fails as described above. My application is configured with both regular and secure canvas and tab URLs.
Attempted Debugging
I've recorded some sessions with Charles but since the iframe isn't being inserted into the page, I think I'm coming at the problem after it's already occured. I'm no Charles expert so happy to be corrected here.
Apache isn't seeing any request (in either regular or ssl logs) for the affected loads. non-SSL loads come through as expected in access_log.
Plea for Help
I'm out of ideas for debugging this. Does anybody have any suggestions? What really obvious and stupid mistake might I have made? :)
edit: nicer formatting
Your app canvas URL is https://skinnycomp.nextstudio.com.au/skinnycowcomps/ , which send 404 error to Facebook proxy (request is going through proxy when viewing app via tab), also when viewing your app via apps (https://apps.facebook.com/122381834451561/), again 404... maybe Facebook proxy is ignoring 404 and posting blank...
Try changing canvas URL to https://skinnycomp.nextstudio.com.au/skinnycowcomps/tab, also you can check if your app is accessed via page tab, in signed_request there should be page_id...
23:51:15.379[549ms][total 1667ms] Status: 404[Not Found]
GET https://skinnycomp.nextstudio.com.au/skinnycowcomps/
This is a real longshot since I'm sure you've triple checked all the settings, but the blank page can happen if an invalid url is specified in the Page Tab URL field in the app settings. Since it only happens on https, it would imply something specifically with the Secure Page Tab URL entry. It might be worth checking that again, and maybe even re-saving it or changing it to something else to see if it helps.
I was using relative URLs for the regular and secure tab URL fields. From memory relative URLs here were mandatory at some point in the past. It appears now that a relative URL will still work for HTTP but not for HTTPs. Fix: absolute URLs. Hopefully FB update their field validation to match what's required too.

security warning in IE9 "Show all content"

I'm implementing the facebook Comments plugin on my site. Users get the warning "Show all content" in IE9
This other publisher using the same plugin and it does not bring up the warning.
Can some please help me with this?
Asking users to turn of the mixed content warning in their IE9 is not an option.
We were just looking at this today and our workaround for now was to include the Facebook Library over https (even when the page itself is viewed over http). Although not ideal it gets rid of the mixed content warnings in IE9 until they have fixed their bug.
That seems to be how it was accomplished at www.vg.no linked in the original question, the library is linked via https.
From their code:
<script src="https://connect.facebook.net/nb_NO/all.js"></script>
I have the same problem:
I have a page that's 100% http. But, the facebook javascript (which I call over http), is returning assets (.js, images) over https, which is generating security warnings for IE(9) users.
I have figured out it's the comment widget from Facebook (
Here's an example of a live page on http: with the error:
http://app.gophoto.com/p?id=10173&rkey=CD01891B287792415384&s=1&a=6940
Here's one of the assets that Facebook returns over HTTPS
https://s-static.ak.facebook.com/rsrc.php/v1/y8/r/7Htnnss1mJY.js
(I'm unable to comment (for some reason?) on Joel's answer. But, his suggestion to fetch the initial all.js over https on http sites does not actually work. I've tried it, and it also inherently looks incorrect since even the initial js fetch violates the mixing up of http & https content.)