开发者

Facebook iframe triggers unsecure/secure warning

I'd like to use the Facebook social plugins (which are iframes) on my secure page. I have the facebook src attribute as开发者_如何学运维 "https://www.facebook...." which allows the page to render no problemo in Firefox, but for some reason, only on IE, this still triggers the warning that the page has both secure and unsecure elements. Any ideas?


EDIT: The problem is actually occuring in all browsers, not just IE. As described by Nathan below, there really isn't a solution besides not including the fb plugin.


The social plugins contain images, scripts, and css that are hosted off of Facebook's akamai servers that are always http only. The static content is on addresses such as http://static.ak.fbcdn.net/. In short, there isn't going to be any way around this unless Facebook redesigned the plugins to host the static content off of secure servers. This is very unlikely considering they would have to enable ssl on their entire CDN network. I would suggest making the pages with social plugins non-ssl and simply switch to ssl only when it is needed.


Just for completion, this is fixed now for iframe plugins, too. They can be served via https and loads all resources from https.


I had the same problem with my .Net canvas app that initially seemed limited to IE and Firefox but recently exhibited the same behaviour in Chrome. Turned out I was not referencing the SSL URL of the Facebook Javascript SDK in the markup of my aspx pages:

<asp:ScriptReference Path="http://connect.facebook.net/en_US/all.js" />

Changed this to:

<asp:ScriptReference Path="https://connect.facebook.net/en_US/all.js" />

and now no longer getting the secure content warnings.

Also believe disabling proxy server and browser caching by calling the following methods of the Response object in the Page_Load event helped:

Response.Cache.SetExpires(DateTime.UtcNow.AddMinutes(-1));
Response.Cache.SetCacheability(HttpCacheability.NoCache);
Response.Cache.SetNoStore();

Thanks to "TonyDong" for that tip: http://forums.asp.net/t/1013531.aspx/4/10


There are two versions of the Facebook social plugins - the iframe format, and the XFBML format. The XFBML format harnesses Facebook's Javascript SDK and can be served over SSL. Pros and cons are that XFBML requires more work, and iframe format is a straight copy and paste. I have not tried yet, but is made clear in the aforementioned deocumentation.


I had the same problem of like box in IE. Then I installed the iframe variant. Now everything is fine.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜