Facebook forces every developer of Facebook Apps to make all Apps (and that also means Tabs) available via iFrame by 1.10.2011 (pure Connect pages are not affected). Unfortunately the willing develpoer is at the moment not to 100% in a position to do so, because the Facebook SDK (the proxy script that is used to load external content) is addressed via HTTP. Therefore the browsers show no green http, but mark the HTTPS connection as unsafe. IE8 even goes to such lengths as to show a rather annoying dialogue box at the bottom of the browser window which has to be acknowledged with a mouse click in order to show the entire content.
So much for the problem. But I have promised a solution. And here it is, it’s an evil workaround, but it works, hopefully until FB can solve the problem at the root, and that may take a while, the bug was reported 10 weeks ago.
The user “timeshifting” has posted the solution in the facebook forum.
Directly after loading the JS-SDK, resp. directly after the FB.Init (not every page needs the Init, e.g. when only the FB.Canvas.setSize() method is needed), a small undocumented function of Facebook is accessed, which rewrites the URL from http to https. In code it looks like this:
<br />window.fbAsyncInit = function() {<br /> FB.init({appId: 'XXXXXXXXXXX', status: true, cookie: true, xfbml: true});<br /> if(document.location.protocol == 'https:' && !!FB && !!FB._domain && !!FB._domain.staticfb){<br /> FB._domain.staticfb = FB._domain.staticfb.replace('http://static.ak.facebook.com/', 'https://s-static.ak.fbcdn.net/');<br /> }<br />};<br />
This post is also available in German
