Blog Categories

Blog Archive

My Latest Tweets

How to use an SSL Shell to validate non-secure Facebook iFrame Apps PDF Print E-mail
September 20, 2011


UPDATE: This solution has been broken by recent updates from Facebook and is not possible to fix their break.


Facebook has decided to require SSL certificates (https://) for all iFrame Facebook Apps as of October 1st, 2011. This decision has been met with mixed reactions and even I'm conflicted with what I think about it. On one hand, I agree with it because having a secure connection over non-secure will certainly help the casual users that use Facebook and have no need to know what it even is. On the other hand, I don't like it because it then requires people who make Facebook Apps for clients like I do to have SSL Certificates for each client/app. That would be a VERY BIG hassle to deal with especially on websites that have absolutely zero need for SSL, like this site which doesn't collect anything from its visitors.


This tutorial will show you how to use a single SSL Certificate (you need at least one, that is unavoidable) to make as many Facebook Apps on as many Domains as you need to.