I’ve launched an application last week and have noticed since that in Chrome only the height of my canvas is not always adjusted. I’ve spent a bunch of hours looking at the issues and noticed that I get the following error – sometimes.
Unsafe JavaScript attempt to access frame with URL https://apps.facebook.com/tabletr/ from frame with URL
Now, knowing a thing or two about programming I deduced that this is likely due to https and http being used interexchangably. I get the error (sometimes) with secure browsing “on” on Facebook and never with “off”.
But what I find really odd is that the issue occurs sporadically when browsing over HTTPS. I still haven’t found any pattern to the issue coming up or my code working as intended. I know there are a few posts on here on this topic and I’ve tried a number of workarounds but none seem to have solved my problem. Here’s part of my code-
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId : '<myid>', // App ID
channelUrl : '//tabletr.herokuapp.com/channel.php', // Channel File
status : false, // Check login status
cookie : true, // Enable cookies to allow the server to access the session
xfbml : false // Parse XFBML
});
// Additional initialization code here
FB.Canvas.setSize({ height: 1200 });
};
// If I comment out this function I don't get any unsafe URL errors
// anymore. I'm guessing that the include of the JavaScript code either
// fails to use the right protocol or is faulty in its implementation
// by Facebook. My money is on the former.
(function(d){
var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
js = d.createElement('script'); js.id = id; js.async = true;
//js.src = "//connect.facebook.net/en_US/all.js";
js.src = "//tabletr.herokuapp.com/js/all.js";
d.getElementsByTagName('head')[0].appendChild(js);
}(document));
</script>
How do I fix this? I’m out of them to be honest. Maybe my channel file implementation is wrong?
Updated code
<div id="fb-root"></div>
<script>
window.fbAsyncInit = function() {
FB.init({
appId : '<myid>', // App ID
channelUrl : '//tabletr.herokuapp.com/channel.php', // Channel File
status : false, // Check login status
cookie : true, // Enable cookies to allow the server to access the session
xfbml : false // Parse XFBML
});
// Additional initialization code here
FB.Canvas.setSize({ height: 1200 });
};
// If I comment out this function I don't get any unsafe URL errors
// anymore. I'm guessing that the include of the JavaScript code either
// fails to use the right protocol or is faulty in its implementation
// by Facebook. My money is on the former.
(function(d){
var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
js = d.createElement('script'); js.id = id; js.async = true;
js.src = "//connect.facebook.net/en_US/all.js";
//js.src = "//tabletr.herokuapp.com/js/all.js";
d.getElementsByTagName('head')[0].appendChild(js);
}(document));
</script>
I’ve updated my code based on Stack OVerflow question Facebook JavaScript SDK over HTTPS loading non-secure items – this, however, hasn’t fixed the issue yet. I came across the following bug report from 2012-01-19, which shows the same symptoms I’m facing. Fingers crossed this will be fixed by Facebook soon!
https://developers.facebook.com/bugs/192507854181725?browse=search_4f2bbd593f8798794293016
Facebook has acknowledged this as a bug and assigned to an engineer. You can track the progress at https://developers.facebook.com/bugs/192507854181725?browse=search_4f2bbd593f8798794293016