diff --git a/README.md b/README.md
index ded683b..9993836 100644
--- a/README.md
+++ b/README.md
@@ -36,6 +36,7 @@ You can configure several options, which you pass in to the `provider` method vi
 
 * `scope`: A comma-separated list of permissions you want to request from the user. See the Facebook docs for a full list of available permissions: http://developers.facebook.com/docs/reference/api/permissions. Default: `email,offline_access`
 * `display`: The display context to show the authentication page. Options are: `page`, `popup`, `iframe`, `touch` and `wap`. Read the Facebook docs for more details: http://developers.facebook.com/docs/reference/dialogs#display. Default: `page`
+* `secure_image_url`: Set to `true` to use https for the avatar image url returned in the authentication hash. Default is `false`.
 
 For example, to request `email`, `offline_access` and `read_stream` permissions and display the authentication page in a popup window:
 
diff --git a/lib/omniauth/strategies/facebook.rb b/lib/omniauth/strategies/facebook.rb
index a3f183c..1480748 100644
--- a/lib/omniauth/strategies/facebook.rb
+++ b/lib/omniauth/strategies/facebook.rb
@@ -35,7 +35,7 @@ class NoAuthorizationCodeError < StandardError; end
           'name' => raw_info['name'],
           'first_name' => raw_info['first_name'],
           'last_name' => raw_info['last_name'],
-          'image' => "http://graph.facebook.com/#{uid}/picture?type=square",
+          'image' => "#{options[:secure_image_url] ? 'https' : 'http'}://graph.facebook.com/#{uid}/picture?type=square",
           'description' => raw_info['bio'],
           'urls' => {
             'Facebook' => raw_info['link'],
diff --git a/spec/omniauth/strategies/facebook_spec.rb b/spec/omniauth/strategies/facebook_spec.rb
index 67010ba..7aee0fc 100644
--- a/spec/omniauth/strategies/facebook_spec.rb
+++ b/spec/omniauth/strategies/facebook_spec.rb
@@ -112,12 +112,12 @@
   end
 
   describe '#info' do
-    before :each do
-      @raw_info ||= { 'name' => 'Fred Smith' }
-      subject.stub(:raw_info) { @raw_info }
-    end
-
     context 'when optional data is not present in raw info' do
+      before :each do
+        @raw_info ||= { 'name' => 'Fred Smith' }
+        subject.stub(:raw_info) { @raw_info }
+      end
+
       it 'has no email key' do
         subject.info.should_not have_key('email')
       end
@@ -151,7 +151,12 @@
       end
     end
 
-    context 'when data is present in raw info' do
+    context 'when optional data is present in raw info' do
+      before :each do
+        @raw_info ||= { 'name' => 'Fred Smith' }
+        subject.stub(:raw_info) { @raw_info }
+      end
+
       it 'returns the name' do
         subject.info['name'].should eq('Fred Smith')
       end
@@ -221,6 +226,13 @@
         subject.info['verified'].should be_false
       end
     end
+
+    it 'returns the secure facebook avatar url when `secure_image_url` option is specified' do
+      @options = { :secure_image_url => true }
+      raw_info = { 'name' => 'Fred Smith', 'id' => '321' }
+      subject.stub(:raw_info) { raw_info }
+      subject.info['image'].should eq('https://graph.facebook.com/321/picture?type=square')
+    end
   end
 
   describe '#raw_info' do