Home/ Questions/Q 8129593
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T08:22:13+00:00

I’m running into an issue that’s arising from the fact that one has to

  • 0

I’m running into an issue that’s arising from the fact that one has to either chose http or https as the scheme in the Site URL parameter in settings for a Facebook app.

Upon invoking FB.ui, the SDK takes it upon itself to send an “origin” parameter which has the domain of the current page. If this origin domain doesn’t match the Site URl parameter in app settings, it throws an “invalid redirect uri” error. The page we’re invoking on is not secure (http), but our Site URL is set up as https because we use FB connect on our secure login pages (https).

We want to avoid the overhead of having to make these extraneous FB.ui pages https as well, but as far as we’ve seen we cannot specify multiple Site Urls (to account for both http and https).

Is there a good solution to this? Perhaps a way to “block” or modify the origin parameter FB.ui sends?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You can also programmaticly set the parameters for a secue canvas URL via REST or Open Graph API.

    property secure_canvas_url

    REST – https://developers.facebook.com/docs/appproperties/

    Open Graph – https://developers.facebook.com/docs/reference/api/application/#props

    Note the following regarding HTTPS on FBML applications

    FBML apps

    We have heard that there is some confusion about whether FBML apps
    must support HTTPS. FBML developers still need to know whether users
    are browsing Facebook over a secure connection since they need to
    detect whether to serve iframe or video content over HTTPS. As a
    result, FBML apps must obtain SSL certificates in order to serve this
    type of content to users browsing over a secure connection. If you
    have an FBML app, please obtain an SSL certificate for your app to
    receive traffic from users browsing Facebook over a secure connection.

    If you enable SSL for your FBML app, please make sure that your SSL
    certificate includes all intermediate certificates in the chain of
    trust as our SSL validation is strict. You can use third-party SSL
    analysis tools (e.g., https://www.ssllabs.com/index.html) to check
    your certificate status and fix any errors (and warnings). If your SSL
    certificate has problems, you may see “Empty response received” error
    when you load your FBML canvas app.

    See the following for a complete description

    http://developers.facebook.com/blog/post/567/

    Before all else fails , check mark your app as a canvas application in application settings (even if it is not technically a canvas app). And set an https url. This may solve any https related issue before having to address it programmaticly.

    • 0