Secure Canvas Clarification

Been reading the docs about canvas and secure canvas, mainly due to the requirement that we provide a secure url before october 1. However, I cannot determine with any sense of certainty that we actually need to use a secure canvas.

If we only want to provide the ability for users to "login" and "like", do we even need a canvas? As far as I can tell, a canvas is something that facebook creates an iframe for, which points to a canvas url we provide, which is ultimately displayed on the facebook site.

Any clarification would be apprec开发者_高级运维iated.

Apps accessed via facebook.com (i.e apps.facebook.com/something or via a Page Tab) will need to be accessible over HTTPS - you won't need to make your site to be available over HTTPS for the social plugins or off-Facebook API usage to work

The blog post with the details is https://developers.facebook.com/blog/post/499/ Specifically: All Apps on Facebook (Canvas and Page Tabs) must support HTTPS by October 1.