• This forum has been archived. New threads and replies may not be made. All add-ons/resources that are active should be migrated to the Resource Manager. See this thread for more information.

Important Facebook Change

Mike Edge

Mike Edge

Well-known member
For October 1st, you need to connect to FB over a secure connection.

Go into fb_channel.php and change the bottom line to..

<script src="https://connect.facebook.net/<?php echo htmlspecialchars($locale); ?>/all.js"></script>

In template account_facebook

change both facebook urls to https:// instead of the current http://

In page_container change line 2 to:

<html id="XenForo" lang="{$visitorLanguage.language_code}" class="Public {xen:if {$visitor.user_id}, 'LoggedIn', 'LoggedOut'} {xen:if {$sidebar}, 'Sidebar', 'NoSidebar'}" xmlns:fb="https://www.facebook.com/2008/fbml">

Also you will need to have SSL for your site or FB connect will fail auth.
 
I propose everyone ditches facebook integration, do you really want your users getting SSL nags about insecure content getting displayed on your forum all for a couple of "likes/recommends"?
 
Mike Edge said:
If your using the changes above, there should be no nagging for secure connections.
Click to expand...
I've found reference to the deprecation of old connection methods and a migration to Oath 2 (which we already use in XenForo) but I have found absolutely no reference to a mandated SSL request. The most recent Facebook developer blogs don't mention it, and all the code examples on the Facebook developer site still use the http:// method.
 
Mike Edge said:
Correct, Also Kier if you join https://www.facebook.com/groups/fbdevelopers/ you can indeed confirm auth connections via http will result in a 301 error page. I haven't found docs confirming this. But it is coming first hand from FB staff in the group that it will.
Click to expand...
I'll see what I can find, but from the docs that are there, it appears to be referring to canvas apps, rather than website interaction plug-ins and tools such as used by XenForo.
 
Yeah, the SSL will be required for canvas apps (for pages)! ;) So Facebook Connect will still work without an "secure connection"
 
It has been confirmed though that all calls to all.js will need to be changed to https://connect.facebook.net

The impression the developer group has is that it will be required to use SSL as they are considering the connect button to be a tab. I messaged Cat Lee who is the Program Manager for 3rd party developer relations at FB to clearify. I'll update once I hear back.
 
I really don't think so but you can proof me wrong.

If that's really true, at least 90% of the sites would go without facebook (connect) instead of using SSL.
 
Crazy-Achmet said:
I really don't think so but you can proof me wrong.

If that's really true, at least 90% of the sites would go without facebook (connect) instead of using SSL.
Click to expand...

I have a SSL cert, so not really worried either way. I think FB though is more concerned with securing their platform over breaking small 3rd party sites using FB connect. A lot of the older FBML apps that will be broken come Oct 1st proves that.

Great Kier, be great to get official word on this.
 
Sweet! I mean I would of bought the multi-site cert, but I am pretty happy I do not have to deal with that now! :)
 
You must log in or register to reply here.

Similar threads

erich37
  • Question Question
XF 1.5 Facebook-Link in XenForo Source-Code ?
Replies
1
Views
977
Paul B
Paul B
abdfahim
Fixed Inconsistent XF behavior with Facebook SDK
Replies
4
Views
2K
abdfahim
abdfahim
bsdinsight
  • Question Question
XF 1.1 Forum favicon
Replies
6
Views
4K
bsdinsight
bsdinsight
Puntocom
  • Question Question
xmlns:fb in default PAGE_CONTAINER
Replies
1
Views
641
Paul B
Paul B
T
  • Question Question
questions about template:PAGE_CONTAINER
Replies
1
Views
559
James
J
Top Bottom