I'm a web developer based in Manchester, England. I also design websites. I generally favour open-source technologies such as PHP, MySQL and JQuery, and I have extensive experience using Drupal.
Facebook Canvas Pages to Require SSL Certificates
16
On the first of October, Facebook will make another change which could have a significant – and potentially costly – impact to your applications and pages. As part of its latest moves to increase security across the platform, in addition to OAuth adoption they will expect that your canvas applications to be hosted at a secure address (https). If a user browses to your page via https – and millions are beginning to change their settings so that they are – instead of your lovingly crafted content, they’ll see the following warning:
If you go to an application’s settings, you’ll notice a new option, Secure Canvas URL, with the footnote “Required: SSL Cert by October 1, 2011”, pictured below.
In other words, the option is there already to specify a secure URL for your canvas application already, but by October 1st this will be a proviso, and that means you’ll need to install an SSL certificate. This isn’t trivial, and it’s often not cheap – particularly if you have multiple pages / applications over a number of domains, and remember that the cheapest SSL certificates aren’t necessarily supported by every browser.
You can read Facebook’s original announcement on their blog, as well as some feedback on the move here. Personally I agree with the developer that in many cases SSL just isn’t necessary – particularly if all you’re doing is displaying external content on a Facebook page. But this is the price for a more secure platform, it seems.
There is one possible solution – a website has come to my attention called Social Server, which appears to host a Facebook application for you on a secure server. However I haven’t tried it – if anyone has used it, do let me know in the comments.
16 comments
About Me
Blog Categories
Tags
Recent Comments
2 hours 18 min ago commented on Gift Certificates in Drupal Commerce:
Read more...I am using the steps which you are given...
1) created a line item type "Gift Certificate...
5 days 20 hours ago commented on Using an Additional Database in Drupal 7:
Read more...Thank you. I've spent a lot of time trying to conect to a civicrm database.
Perfect...
1 week 4 days ago commented on Using an Additional Database in Drupal 7:
Read more...Hi
I have small issue coming when i was migrate drupal 6 to drupal 7 site..
My...
Most Commented
- Facebook Canvas Pages to Require SSL Certificates 16 comment(s)
- A Look at the Concrete5 CMS 15 comment(s)
- Creating a Concrete5 Package: Integrating the Craftyslide JQuery Plugin 12 comment(s)
- Migrating a Concrete5 Site from Windows to Linux, and MySQL Case Sensitivity Hell 9 comment(s)
- Using Less, the Dynamic Stylesheet Language, in Concrete5 8 comment(s)
Thank you for the article, it was very informative, it helped me a lot, I did see Social Server cost money nowadays, they ask 40 pounds ouch!!.
I did end up finding a website that do give you a Https Url Address for Facebook developers..the BIG difference is they are the cheapest , add free and their Https Facebook Url Address works with any Facebook Tab and Application Iframe Canvas.
If anyone else need one go to
https://www.shopactivate.com/FacebookSSLConnection.aspx
They give you a Https Facebook Address that works with any Facebook Tab and Application Iframe Canvas. you just add their Https address into YOUR Facebook application settings on facebook and they redirect seamlessly users to your application (without any one notice it). I thought I should share this since we all have difficulties with facebook. Good luck!!
wow what a wonderful post and I am very happy to read this.
Facebook Apps
Guys ! i am very new in facebook apps and try to make a new facebook app since last 2 days but i havn't any solution for secure canvas url how i can done my job ......give me any solution
thnx.
An informative post with new ideas!
thanks,
a href="http://www.facebookdoper.com.au"> Facebook app development
Facebook ecommerce
Facebook for Business Page
I uses socialserver and and all looked good.
THEN - a obtrusive popup ad appears OVER my canvas content!
It worked for me, but you need to use bitly.com to shorten the url.
www.facebook.com/40DaysToFocus
I recorded in a short video if anyone needs to see how.
The social server doesnt fulfill the secure canvas url as now facebook gives an error that the secure canvas should point to a directory (ending with '/') or a dynamic page (having '?' in between)
I had been searching too and I found this app:
Static HTML: iframe tabs. I can still pull content into my page. You just need to design your css and stuff. And another cool feature is the ability to use Javascript.
This is nuts. I manage a number of websites and FB business pages for clients. The websites are on a shared server and i can't install SSL as the certificates validate the domains. I'd have to move every site that wanted a FB canvas page to its own hosting account and install an SSL? Ludicrous.
I guess Facebook has gotten so freaking big it can do whatever it wants without thought to the people who are supporting it.
here is a open source ssl http://cert.startcom.org/ also check this out http://social-server.com/index/
Came across a statement yesterday that people were making pages using Wordpress. That you could easily have a template with a width to fit FaceBook and then a couple of links. I thought, that I could do that. I could install WP in multiple sub-directories and then build custom landing pages, but adding in the issue of SSL is just one more thing. Like Brian said, what happens to an SSL page if it has embedded YouTube for example??? If this rule is retroactive, there are going to be a lot of broken pages on FaceBook.
I just purchased a SSL Cert and installed it for the purpose of these secure Facebook Canvas page. It was only USD12.99 (on offer now)
You can read more at my blog
http://dumbpcs.blogspot.com/2011/09/ssl-cert-installation-facebook-canva...
Today I purchased a SSL Cert and installed it for the purpose of using it for Facebook Canvas page. SSL Cert was on offer for USD12.99 per year.
Read my full post here
http://dumbpcs.blogspot.com/2011/09/ssl-cert-installation-facebook-canva...
Hi there, thanks for the social-server.com suggestion.
I went and tried it out and I must says its much easier than i thought it would be to make my pages viewable over SSL.
Thanks again for the post! You saved me alot of time and money...
Paul
When SSL certificate is $49/per it can be costly. It is like you have to pick one site; nurture it until it is successful; generate cash and then pay for another SSL certificate for your other fanpage. Is it me or is this crazy. I understand needing security.
I'm not a fan of this change - for the company FB page I manage, I have created a few plain HTML canvas pages (I know there are free apps out there for it, but they don't let you customize the icon AFAIK) and adding an SSL cert on my budget is a big shock.
I'm a total noob to https - how will this work with embedded content (non-https) that is displayed through an https web page? (ie. - iframe embedded YouTube video, google map) Will this kick on the warning? I'm afraid I'm losing a great way of making FB work for our company through custom canvas content.
Add your comment