Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
Browse files

Don't use https for static resources

Summary:
If an internal url uses https the outer frame is still using
http, so we shouldn't base the protocol assumption on the internal frame
url.

If we do cross domain communication to an outer https url, then rethink
this.

Test Plan:
Tested with an app of https://fbrell.com/ as the canvas endpoint. Correctly
resized for sanbox code, but was fataling with currently deployed code

DiffCamp Revision: 116653
Reviewed By: naitik
Commenters: mathewsb
CC: ptarjan, lshepard, brent, mathewsb, naitik, mattwkelly, selekman
Tasks:
#212617: make the fbconnect never use https://

Revert Plan:
OK
  • Loading branch information...
commit d154c82f58353f93720748243832b31ed5347191 1 parent 6866be7
@ptarjan ptarjan authored
Showing with 1 addition and 3 deletions.
  1. +1 −3 src/core/prelude.js
View
4 src/core/prelude.js
@@ -84,9 +84,7 @@ if (!window.FB) {
? 'https://s-static.ak.fbcdn.net/'
: 'http://static.ak.fbcdn.net/'),
graph : 'https://graph.facebook.com/',
- staticfb : (window.location.protocol == 'https:'
- ? 'https://s-static.ak.facbook.com/'
- : 'http://static.ak.facbook.com/'),
+ staticfb : 'http://static.ak.facebook.com/',
www : window.location.protocol + '//www.facebook.com/'
},
_locale: null,

1 comment on commit d154c82

@kiltec

This commit seems to cause a bug with Webkit-based browsers, see this issue:
http://github.com/facebook/connect-js/issues/issue/214

Please sign in to comment.
Something went wrong with that request. Please try again.