Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://

Nimish David Mathew picture Nimish David Mathew · Mar 21, 2018 · Viewed 51.7k times · Source

I am implementing Passport Facebook Authentication by linking the Facebook Authentication API route to a button using href like:

<a href="auth/facebook">Facebook Login</a>

When I click on the button, it redirects to the Facebook Authentication page. But on the page, an error message is displayed saying something like "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://"

How can I fix this issue?

Answer

Christopher picture Christopher · Mar 22, 2018

Amazingly I just started trying to do the same thing like an hour ago and have been having the same issue. If you go into the FB developer portal and go to Settings under Facebook Login there's an option to Enforce HTTPS.

enter image description here

Further Investigation Showed:

"Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt."

Reference: Login Security