I'm a web developer based in Manchester, England. I also design websites. I generally favour open-source technologies such as PHP, MySQL and JQuery, and I have extensive experience using Drupal.
Facebook Canvas Pages to Require SSL Certificates
12
On the first of October, Facebook will make another change which could have a significant – and potentially costly – impact to your applications and pages. As part of its latest moves to increase security across the platform, in addition to OAuth adoption they will expect that your canvas applications to be hosted at a secure address (https). If a user browses to your page via https – and millions are beginning to change their settings so that they are – instead of your lovingly crafted content, they’ll see the following warning:
If you go to an application’s settings, you’ll notice a new option, Secure Canvas URL, with the footnote “Required: SSL Cert by October 1, 2011”, pictured below.
In other words, the option is there already to specify a secure URL for your canvas application already, but by October 1st this will be a proviso, and that means you’ll need to install an SSL certificate. This isn’t trivial, and it’s often not cheap – particularly if you have multiple pages / applications over a number of domains, and remember that the cheapest SSL certificates aren’t necessarily supported by every browser.
You can read Facebook’s original announcement on their blog, as well as some feedback on the move here. Personally I agree with the developer that in many cases SSL just isn’t necessary – particularly if all you’re doing is displaying external content on a Facebook page. But this is the price for a more secure platform, it seems.
There is one possible solution – a website has come to my attention called Social Server, which appears to host a Facebook application for you on a secure server. However I haven’t tried it – if anyone has used it, do let me know in the comments.
12 comments
About Me
Blog Categories
Tags
Recent Comments
2 weeks 6 days ago commented on Using an Additional Database in Drupal 7:
Read more...Lukas,
Thanks so much for posting this, could you possibly help a newbie out and show...
6 weeks 1 day ago commented on Using Less, the Dynamic Stylesheet Language, in Concrete5:
Read more...Hello,
I'm using bootstrap with Less .
I'm trying to get this package to work with...
6 weeks 5 days ago commented on Using Less, the Dynamic Stylesheet Language, in Concrete5:
Read more...Thanks for the add-on! I'd love to use it but when installing I was told it was incompatible...
Most Commented
- Facebook Canvas Pages to Require SSL Certificates 12 comment(s)
- Using Less, the Dynamic Stylesheet Language, in Concrete5 7 comment(s)
- Migrating a Concrete5 Site from Windows to Linux, and MySQL Case Sensitivity Hell 7 comment(s)
- Creating a Concrete5 Package: Integrating the Craftyslide JQuery Plugin 7 comment(s)
- A Look at the Concrete5 CMS 5 comment(s)
I uses socialserver and and all looked good.
THEN - a obtrusive popup ad appears OVER my canvas content!
It worked for me, but you need to use bitly.com to shorten the url.
www.facebook.com/40DaysToFocus
I recorded in a short video if anyone needs to see how.
The social server doesnt fulfill the secure canvas url as now facebook gives an error that the secure canvas should point to a directory (ending with '/') or a dynamic page (having '?' in between)
I had been searching too and I found this app:
Static HTML: iframe tabs. I can still pull content into my page. You just need to design your css and stuff. And another cool feature is the ability to use Javascript.
This is nuts. I manage a number of websites and FB business pages for clients. The websites are on a shared server and i can't install SSL as the certificates validate the domains. I'd have to move every site that wanted a FB canvas page to its own hosting account and install an SSL? Ludicrous.
I guess Facebook has gotten so freaking big it can do whatever it wants without thought to the people who are supporting it.
here is a open source ssl http://cert.startcom.org/ also check this out http://social-server.com/index/
Came across a statement yesterday that people were making pages using Wordpress. That you could easily have a template with a width to fit FaceBook and then a couple of links. I thought, that I could do that. I could install WP in multiple sub-directories and then build custom landing pages, but adding in the issue of SSL is just one more thing. Like Brian said, what happens to an SSL page if it has embedded YouTube for example??? If this rule is retroactive, there are going to be a lot of broken pages on FaceBook.
I just purchased a SSL Cert and installed it for the purpose of these secure Facebook Canvas page. It was only USD12.99 (on offer now)
You can read more at my blog
http://dumbpcs.blogspot.com/2011/09/ssl-cert-installation-facebook-canva...
Today I purchased a SSL Cert and installed it for the purpose of using it for Facebook Canvas page. SSL Cert was on offer for USD12.99 per year.
Read my full post here
http://dumbpcs.blogspot.com/2011/09/ssl-cert-installation-facebook-canva...
Hi there, thanks for the social-server.com suggestion.
I went and tried it out and I must says its much easier than i thought it would be to make my pages viewable over SSL.
Thanks again for the post! You saved me alot of time and money...
Paul
When SSL certificate is $49/per it can be costly. It is like you have to pick one site; nurture it until it is successful; generate cash and then pay for another SSL certificate for your other fanpage. Is it me or is this crazy. I understand needing security.
I'm not a fan of this change - for the company FB page I manage, I have created a few plain HTML canvas pages (I know there are free apps out there for it, but they don't let you customize the icon AFAIK) and adding an SSL cert on my budget is a big shock.
I'm a total noob to https - how will this work with embedded content (non-https) that is displayed through an https web page? (ie. - iframe embedded YouTube video, google map) Will this kick on the warning? I'm afraid I'm losing a great way of making FB work for our company through custom canvas content.
Add your comment