0

I've created simple iFrame based fangates in the past with no https url. These all worked fine, only they warned users about switching to insecure url if they were browsing securely. No big deal.

I'm working on another app now and Facebook app settings is telling me that a secure url is required by October 2nd.

I've tested previous apps and they work fine without secure.

Just wondering do I really need a secure url to make another app or will it still work without.

I don't want to have to buy a cert that isn't absolutely needed.

Any experience with this new rule?

Thanks, Conor

jim
  • 8,670
  • 15
  • 78
  • 149
  • This really should be a question directed at Facebook directly. I am going to guess they have allowed a grace period. A security certiface is not expensive and well worth the expense. – Security Hound Oct 28 '11 at 13:11
  • No, the grace period has come and gone. As of 1st October, you MUST have SSL (or other encryption) on your domain. – David Barker Oct 28 '11 at 13:16

1 Answers1

1

Like David Barker said, you have to have an SSL certificate to run an iframe app - tab or canvas. They no longer give users the option to temporarily switch to non-secure browsing.

Carson
  • 4,541
  • 9
  • 39
  • 45
  • 1
    Ah I see.. They will allow you create/publish the app but https visitors will just blocked out unless they manually switch to http – jim Oct 28 '11 at 13:32
  • Yup, exactly. It's unfortunate since SSL can be fairly expensive. Facebook is offering Cloud Hosting Services in an attempt to ease the pain, but I haven't tried that out yet. – Carson Oct 28 '11 at 13:47