Facebook iframe triggers unsecure/secure warning
https://stackoverflow.com/questions/4141644
-
30-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'd like to use the Facebook social plugins (which are iframes) on my secure page. I have the facebook src attribute as "https://www.facebook...." which allows the page to render no problemo in Firefox, but for some reason, only on IE, this still triggers the warning that the page has both secure and unsecure elements. Any ideas?
EDIT: The problem is actually occuring in all browsers, not just IE. As described by Nathan below, there really isn't a solution besides not including the fb plugin.
Solution 4
There are two versions of the Facebook social plugins - the iframe format, and the XFBML format. The XFBML format harnesses Facebook's Javascript SDK and can be served over SSL. Pros and cons are that XFBML requires more work, and iframe format is a straight copy and paste. I have not tried yet, but is made clear in the aforementioned deocumentation.
OTHER TIPS
The social plugins contain images, scripts, and css that are hosted off of Facebook's akamai servers that are always http only. The static content is on addresses such as http://static.ak.fbcdn.net/. In short, there isn't going to be any way around this unless Facebook redesigned the plugins to host the static content off of secure servers. This is very unlikely considering they would have to enable ssl on their entire CDN network. I would suggest making the pages with social plugins non-ssl and simply switch to ssl only when it is needed.
Just for completion, this is fixed now for iframe plugins, too. They can be served via https and loads all resources from https.
I had the same problem with my .Net canvas app that initially seemed limited to IE and Firefox but recently exhibited the same behaviour in Chrome. Turned out I was not referencing the SSL URL of the Facebook Javascript SDK in the markup of my aspx pages:
<asp:ScriptReference Path="http://connect.facebook.net/en_US/all.js" />
Changed this to:
<asp:ScriptReference Path="https://connect.facebook.net/en_US/all.js" />
and now no longer getting the secure content warnings.
Also believe disabling proxy server and browser caching by calling the following methods of the Response object in the Page_Load event helped:
Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();
Thanks to "TonyDong" for that tip: http://forums.asp.net/t/1013531.aspx/4/10
I had the same problem of like box in IE. Then I installed the iframe variant. Now everything is fine.
