Starting Oct 1st, canvas pages and tabs must use HTTPS (or remain in sandbox mode).

Facebook has made these secure urls available a application properties. So the modules should set them automatically.

CommentFileSizeAuthor
fb_secure_urls_d6.diff2.72 KBDave Cohen
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

notluap’s picture

I successfully setup my Drupal site/canvas app to use HTTPS; however, when I access the Facebook canvas app through https://apps.facebook.com/myapp the app loads correctly over https, but then clicking any link in the app brings you back to a normal http unsecured page.

I don't have this problem when clicking links on my normal Drupal domain over https, only in the canvas app.

Any thoughts?

Dave Cohen’s picture

Status: Needs review » Needs work

It looks like when you provide a secure URL, it's always used. So even at http://apps.facebook.com/.... the iframe is https://....

So there's no way for drupal to know whether the original apps.facebook.com url is https or not. I suppose it is better to send a user from http to https rather than the other way around.

Dave Cohen’s picture

Status: Needs work » Fixed

Improved the code and checked it in.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.