I have created two Facebook canvas apps. I am having problems with people accessing the apps. In the app settings you must enter:
Canvas URL Secure Canvas URL
Secure Canvas URL wont accept HTTP links but only HTTPS. When some of my users go to my app link like http://apps.facebook.com/my_app Facebook automatically redirects them to https://...
Canvas app content is loaded from my server which is only accessible via HTTP. The users which are redirected to https://apps.facebook.com/my_app then can not load my app since Facebook canvas wants to load content from my server via HTTPS. How do I solve this, without enabling SSL on mu server?
And not all users are redirected to https://apps.fa...? How is this handled?
I have come up with an interesting hack for this problem.
You can create a HTML file that is accessible over HTTPS that just redirects to your webpage. For example, you can use dropbox. Since Facebook loads your secure canvas URL page in an iframe, your code needs to redirect the top page. Something like this.
<html>
<head>
<script>
function onLoad() {
window.top.location.href="<your website>";
}
</script>
</head>
<body onload="onLoad()">
<p>Please wait while you are being redirected to <your website name>…</p>
</body>
</html>
And provide this link as the secure canvas URL. I blogged about this in more detail - http://blog.almabase.com/post/84579042935/interesting-hack-for-facebook-secure-canvas-url