FaceBook loading HTTPS hosted iframe apps via POST

Question

I was involved in a fanpage project using the JS API so we decided to host the site on an Amazon S3 bucket as a) it's static content and b) Amazon have an SSL certificate required by Facebook apps since Oct 2011.

But it turns out that instead of going a HTTP GET, Facebook is requesting the fanpage via an HTTP POST (an additional security check? why don't they just to an HTTP HEADERS?).

Amazon wisely sends back the following:

405 Method Not Allowed
Code: MethodNotAllowed
Message: The specified method is not allowed against this resource.
ResourceType: OBJECT
Method: POST
RequestId: XXXXXXXXXXXXX
HostId: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

...as it figures that Facebook is trying to upload via the POST

The irony is that Facebook actually recommend using S3 for those who don't have an SSL certificate on http://www.facebook.com/note.php?note_id=10150223945345844

Bottom line: Has anyone managed to host a fanpage on an S3 bucket post October 2011? Is there a bucket policy that can help with this?

Answer 1

An option would be to use cloudfront to point to an EC2 instance. This will happily accept Post requests. Just make sure you set a very long cache TTL on your response headers to ensure the instance doesn't keep getting hit by requests. You can still host your images etc in s3. The EC2 instance will just be in charge of translating the post request.