1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.
  2. This forum is for release discussion only. Discussions that do not relate specifically to the resource release should be discussed in another, more appropriate forum.
    Dismiss Notice
  3. This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.

Important Facebook Change

Discussion in 'Code Modifications [Archive]' started by Da Bookie Mon, Sep 29, 2011.

  1. Da Bookie Mon

    Da Bookie Mon Well-Known Member

    For October 1st, you need to connect to FB over a secure connection.

    Go into fb_channel.php and change the bottom line to..

    <script src="https://connect.facebook.net/<?php echo htmlspecialchars($locale); ?>/all.js"></script>

    In template account_facebook

    change both facebook urls to https:// instead of the current http://

    In page_container change line 2 to:

    <html id="XenForo" lang="{$visitorLanguage.language_code}" class="Public {xen:if {$visitor.user_id}, 'LoggedIn', 'LoggedOut'} {xen:if {$sidebar}, 'Sidebar', 'NoSidebar'}" xmlns:fb="https://www.facebook.com/2008/fbml">

    Also you will need to have SSL for your site or FB connect will fail auth.
    nusapromo likes this.
  2. ChemicalKicks

    ChemicalKicks Well-Known Member

    I propose everyone ditches facebook integration, do you really want your users getting SSL nags about insecure content getting displayed on your forum all for a couple of "likes/recommends"?
  3. Da Bookie Mon

    Da Bookie Mon Well-Known Member

    There is good money in sites using fb intergration if done correctly. Ditching it for lazyness of not fixing it correctly would be something vB would do.. not XF.
  4. ChemicalKicks

    ChemicalKicks Well-Known Member

    How would you get past the mixed content nags?

    I'm probably being extreme but I'm just not playing with facebook anymore.
  5. Kier

    Kier XenForo Developer Staff Member

    Can you cite your source, please?
  6. Da Bookie Mon

    Da Bookie Mon Well-Known Member

    If your using the changes above, there should be no nagging for secure connections.
  7. Kevin

    Kevin Well-Known Member

  8. Kier

    Kier XenForo Developer Staff Member

    I've found reference to the deprecation of old connection methods and a migration to Oath 2 (which we already use in XenForo) but I have found absolutely no reference to a mandated SSL request. The most recent Facebook developer blogs don't mention it, and all the code examples on the Facebook developer site still use the http:// method.
  9. Da Bookie Mon

    Da Bookie Mon Well-Known Member

  10. Kier

    Kier XenForo Developer Staff Member

    I'll see what I can find, but from the docs that are there, it appears to be referring to canvas apps, rather than website interaction plug-ins and tools such as used by XenForo.
  11. Crazy-Achmet

    Crazy-Achmet Active Member

    Yeah, the SSL will be required for canvas apps (for pages)! ;) So Facebook Connect will still work without an "secure connection"
  12. robdog

    robdog Well-Known Member

    Okay, so this is NOT required for Facebook Login to our sites???
  13. Da Bookie Mon

    Da Bookie Mon Well-Known Member

    It has been confirmed though that all calls to all.js will need to be changed to https://connect.facebook.net

    The impression the developer group has is that it will be required to use SSL as they are considering the connect button to be a tab. I messaged Cat Lee who is the Program Manager for 3rd party developer relations at FB to clearify. I'll update once I hear back.
  14. Crazy-Achmet

    Crazy-Achmet Active Member

    I really don't think so but you can proof me wrong.

    If that's really true, at least 90% of the sites would go without facebook (connect) instead of using SSL.
    Rich likes this.
  15. Kier

    Kier XenForo Developer Staff Member

    I've contacted my sources too.
  16. Da Bookie Mon

    Da Bookie Mon Well-Known Member

    I have a SSL cert, so not really worried either way. I think FB though is more concerned with securing their platform over breaking small 3rd party sites using FB connect. A lot of the older FBML apps that will be broken come Oct 1st proves that.

    Great Kier, be great to get official word on this.
  17. Scott

    Scott Active Member

    SSL is only needed for canvas apps. Apps that are shown on facebook.com to users.
  18. Brogan

    Brogan XenForo Moderator Staff Member

    There you have it, from the horses mouth, so to speak.
  19. robdog

    robdog Well-Known Member

    Sweet! I mean I would of bought the multi-site cert, but I am pretty happy I do not have to deal with that now! :)
  20. Panupat

    Panupat Well-Known Member

    Who is Scott? Why is he a horse?
    Rob Fritz and James like this.

Share This Page