Facebook to Require HTTPS on iFrame Page Tab Apps

  • Share

That’s right, another change for your Facebook Page.  If you are using an iFrame Application to host a Page Tab, beginning October 1, 2011, your Facebook Page Tab will disappear if you are not securely serving the content.  With the recent changes going on at Facebook it was decided to break off a segment of WEBphysiology to specifically address Facebook development.  By doing this we can more specifically target a segment of our business while still maintaining the deep integration with the rest of our online offerings.

So, what are all these changes coming out of Facebook?  Well, the first was the deprecation of Facebook Markup Language (FBML) back in March, 2011.  The replacement was a much better one, iFrames!  Facebook iFrames were introduced in February 2011.  iFrames are fantastic in that they utilize standard web development tools while allowing for the inclusion of the Facebook Graph API and other social media tools.  The use of iFrames in Facebook can most often be seen on Page Tabs.  Want to know how to create a Facebook Page Tab?  Then check out our Creating a Facebook iFrame Application post and How-to video.

The next major change is a mandatory requirement that will present itself on October 1, 2011.  This change is the requirement for OAuth 2.0 and HTTPS to be utilized on Facebook Canvas and Page Tab applications.  This means that the source of your Page Tab must be served via a site with an installed SSL Certificate such that the content is served securely via the HTTPS protocol.  One way to do this is to set up an Amazon Simple Storage Service (S3) account.  While this may work for a lot of Facebook Page Tabs, it does not support content that relies on PHP or other server side scripting.  Amazon S3 simply serves up static pages and files.

It is this last change that has us building our iframe Valet service.  Because the pending HTTPS requirement is almost here, our service will be managed via a manual, personal touch.  In the future we hope to make this a more automated offering where that approach best serves our clients.  iframe Valet will be a service that will, amongst other things, host Facebook Page Tab content in a secure manner, thus meeting the Facebook security requirements being implemented on October 1st.  So, if you have a Facebook Page Tab that is being sourced from a site that does not provide for the secure serving of content (SSL/HTTPS), then we will host that content for a modest yearly fee.  Until the iframe Valet site is fully launched you may contact us at WEBphysiology.

  • Share
This entry was posted in Social Networking and tagged , , , , , , , . Bookmark the permalink.

About Jeff Lambert

Entrepreneur Jeff Lambert is the President and founder of JVHM, Inc., a software development business located in the San Francisco Bay Area but serving clients around the globe. Jeff's expertise includes website design and development, Facebook development, blogging integration, SEO, video production, CRM systems, database design and development and more. In his "spare" time Jeff likes to hang out with his family, run, play tennis, fly and breath fresh, clean air.

6 Responses to Facebook to Require HTTPS on iFrame Page Tab Apps

  1. 1sation says:

    I have a few iFrame applications on my facebook page. They basically just pull html content from my website. I already added an SSL certificate to my website and I included the SSL URls on the Secure Page Tab URL as facebook has requested. However, I just received the standard Facebook email notification about these new requirements, but I noticed it says: “All apps, including page tab apps, must migrate to OAuth 2.0 for authentication”

    What exactly is OAuth 2.0? If I already comply with the SSL requirement, do I need to do anything else in order to comply with OAuth 2.0?

    I appreciate your feedback.

    • Jeff Lambert says:

      OAuth comes into play if you are utilizing any Facebook APIs to pull information from the current user’s Facebook instance, like photos, friends…. If you are simply serving your Web content within a Page Tab (iframe) then you should be good with just having the SSL Cert installed.

  2. 1sation says:

    great!! thank you for your quick reply. I feel much better now. I’m a self tought facebook app user, but I havent gotten as far as Facebook APIs…If you have any good articles on it, let me know. I really like your blog.

  3. Pingback: Options for Creating Custom Page Tabs in Facebook | MediaFunnel

  4. lightbody says:

    Using Facebook is an essential way to create a fan base, if known how to use it well. Probably what trips people up is because they do not speak their fan’s language. Obviously it’s not easy, as it’s hard to grow a nice-sized fan like base.

Leave a Reply

Your email address will not be published. Required fields are marked *