Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Does Facebook SDK require HTTPS?

Tags:

I am using facebook SDK. I am getting the following error:

Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https:// 

After studying I came to know that I have to set 'Enforce HTTPS' as NO under 'facebook login> Setting> '. But I can not set Enforce HTTPS as NO. Is this problem is from mine? OR I facebook restrict to use https instead of http?

like image 728
Abdus Sattar Bhuiyan Avatar asked Mar 21 '18 07:03

Abdus Sattar Bhuiyan


People also ask

Does Facebook use http or https?

We now use https by default for all Facebook users. This feature, which we first introduced as an option two years ago, means that your browser is told to communicate with Facebook using a secure connection, as indicated by the "https" rather than "http" in https://www.facebook.com.

How does Facebook SDK work?

The Facebook SDK is a set of software components that developers can include in their mobile app to understand how people use the app, run optimized marketing campaigns and enable Facebook login and social sharing. This course helps you understand the purpose of the Facebook SDK and App Events for Android and iOS.

How do I turn off enforce https on Facebook?

This setting is in the Products > Facebook Login > Settings section of the App Dashboard. Disable this setting if you are not building a custom web login flow or using the Facebook Login SDK on the web. Enforce HTTPS.


2 Answers

enable Client OAuth Login and write "localhost:3000" in Valid OAuth Redirect URIs.
Save changes. it will automatically change to https://localhost:3000 , but it doesn't matter...
And set Status: In Development (THIS IS IMPORTANT!)
Then it will work in your http localhost.

like image 124
Travis Yu Avatar answered Oct 05 '22 14:10

Travis Yu


But I can not set Enforce HTTPS as NO. Is this problem is from mine?

https://developers.facebook.com/docs/facebook-login/security:

Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019.

Sounds to me, like they don’t want you to be able to even start without HTTPS, when you are creating a new app now.


Plus, Chrome has recently announced that they will mark all HTTP sites as insecure soon, from version 68 on, that will be released in July 2018. So you’re gonna have to go HTTPS rather sooner than later anyway.

The “big players” of the industry are currently pushing for this big time, whether we want it or not.

like image 21
CBroe Avatar answered Oct 05 '22 14:10

CBroe