Since all your content is in Facebook's iframe, and it's a different domain, you need SSL.
You could go to your Facebook account settings and turn off "secure browsing" which allows you to use Facebook via pure http. I do not recommend this, as you might forget to turn it on later and not even know that stuff does not work for your users.
For testing you can build your own frame (to get proper page size, for example) and mock the Facebook's authentication in your code.
With real Facebook you would need install stuff on some server anyway because other things won't work properly. Facebook's servers cannot contact "localhost" to send you any data, for example.