Permalink
Browse files

Don't use https for static resources

Summary:
If an internal url uses https the outer frame is still using
http, so we shouldn't base the protocol assumption on the internal frame
url.

If we do cross domain communication to an outer https url, then rethink
this.

Test Plan:
Tested with an app of https://fbrell.com/ as the canvas endpoint. Correctly
resized for sanbox code, but was fataling with currently deployed code

DiffCamp Revision: 116653
Reviewed By: naitik
Commenters: mathewsb
CC: ptarjan, lshepard, brent, mathewsb, naitik, mattwkelly, selekman
Tasks:
#212617: make the fbconnect never use https://

Revert Plan:
OK
  • Loading branch information...
1 parent 6866be7 commit d154c82f58353f93720748243832b31ed5347191 @ptarjan ptarjan committed May 21, 2010
Showing with 1 addition and 3 deletions.
  1. +1 −3 src/core/prelude.js
View
4 src/core/prelude.js
@@ -84,9 +84,7 @@ if (!window.FB) {
? 'https://s-static.ak.fbcdn.net/'
: 'http://static.ak.fbcdn.net/'),
graph : 'https://graph.facebook.com/',
- staticfb : (window.location.protocol == 'https:'
- ? 'https://s-static.ak.facbook.com/'
- : 'http://static.ak.facbook.com/'),
+ staticfb : 'http://static.ak.facebook.com/',
www : window.location.protocol + '//www.facebook.com/'
},
_locale: null,

1 comment on commit d154c82

@kiltec

This commit seems to cause a bug with Webkit-based browsers, see this issue:
http://github.com/facebook/connect-js/issues/issue/214

Please sign in to comment.