0

On my Drupal 7 Website when users login with Facebook it pulls an insecure image

http:// profile.ak.fbcdn.net/hprofile-ak-ash3/211260_100002498550684_1807914074_s.jpg

I am using Drupal For Facebook

I've followed instructions here

Facebook JavaScript SDK over HTTPS loading non-secure items

Maybe it is outdated, what is the current fix for this?

Also oddly, When I login with my Facebook account it does not have the problem

https:// fbcdn-profile-a.akamaihd.net/hprofile-ak-ash4/211648_100004825298386_474362609_s.jpg

How do I make the profile pics secure no matter what? Thank your for your time.

Community
  • 1
  • 1
John Quick Stance
  • 1
  • 2

2 Answers2

2

You can easily have the Graph API return the SSL URL for a user picture by appending the parameter return_ssl_resources=1 – see Mark’s picture, requested in the secure version:

https://graph.facebook.com/4/picture?return_ssl_resources=1

CBroe
  • 91,630
  • 14
  • 92
  • 150
  • That doesn't work, I added the following code to example.php `

    You

    `     – John Quick Stance Mar 15 '13 at 17:45
  • Define _“that doesn’t work”_ please – since when you click the link I posted, you should be able to clearly see that it _does work._ – CBroe Mar 16 '13 at 19:16
  • I meant I don't know where the code goes for me, I can't figure it out. Drupal For Facebook must have this code hidden or maybe I'm suppose to put it in the facebook sdk js library. I don't know. ?return_ssl_resources=1 does work I just cant get it to work for me. Thank you for your time. – John Quick Stance Mar 16 '13 at 20:28
  • This was a great response. The links that are returned from the graph link with the `return_ssl_resource` parameter set to 1 differ slightly from the non-ssl links. **https** `https://fbcdn-profile-a.akamaihd.net/hprofile-ak-ash4/372719_100002538572418_1473050437_q.jpg` **http** `http://profile.ak.fbcdn.net/hprofile-ak-ash4/372719_100002538572418_1473050437_q.jpg` You can updated existing http links to use ssl by replacing `http://profile.ak.fbcdn.net` with `https://fbcdn-profile-a.akamaihd.net` – ReenignE Jul 23 '13 at 15:54
1

So upon further review I came to realize that my Facebook profile was the only one having problems on my website with my profile picture staying unsecured after logging in with Facebook.

Upon digging deeper I realized when I logged into www.facebook.com directly my connection was by default unsecured as well.

I went into Account Setting and the Security tab and it said something about Secure browsing being in migration. I changed Secure Browsing to enabled and voila!

Everything is working perfectly.

I'm still wanting to implement this 

str_replace('http://profile.ak.fbcdn.net','https://fbcdn-profile-a.akamaihd.net',$user['pic_square']);

So just in case someone it stuck in old school unsecured browsing it replaces the link but I don't even know how to do this or where the code goes but I will save that for another day.

Jon Bee
  • 11
  • 1