Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
Starting Oct 1st, canvas pages and tabs must use HTTPS (or remain in sandbox mode).
Facebook has made these secure urls available a application properties. So the modules should set them automatically.
Comment | File | Size | Author |
---|---|---|---|
fb_secure_urls_d6.diff | 2.72 KB | Dave Cohen |
Comments
Comment #1
notluap CreditAttribution: notluap commentedI successfully setup my Drupal site/canvas app to use HTTPS; however, when I access the Facebook canvas app through https://apps.facebook.com/myapp the app loads correctly over https, but then clicking any link in the app brings you back to a normal http unsecured page.
I don't have this problem when clicking links on my normal Drupal domain over https, only in the canvas app.
Any thoughts?
Comment #2
Dave Cohen CreditAttribution: Dave Cohen commentedIt looks like when you provide a secure URL, it's always used. So even at http://apps.facebook.com/.... the iframe is https://....
So there's no way for drupal to know whether the original apps.facebook.com url is https or not. I suppose it is better to send a user from http to https rather than the other way around.
Comment #3
Dave Cohen CreditAttribution: Dave Cohen commentedImproved the code and checked it in.