Don't use https for static resources

Summary: If an internal url uses https the outer frame is still using http, so we shouldn't base the protocol assumption on the internal frame url. If we do cross domain communication to an outer https url, then rethink this. Test Plan: Tested with an app of https://fbrell.com/ as the canvas endpoint. Correctly resized for sanbox code, but was fataling with currently deployed code DiffCamp Revision: 116653 Reviewed By: naitik Commenters: mathewsb CC: ptarjan, lshepard, brent, mathewsb, naitik, mattwkelly, selekman Tasks: #212617: make the fbconnect never use https:// Revert Plan: OK
xantus · May 24, 2010 · d154c82 · d154c82
1 parent 6866be7
commit d154c82
Showing 1 changed file with 1 addition and 3 deletions.
diff --git a/src/core/prelude.js b/src/core/prelude.js
@@ -84,9 +84,7 @@ if (!window.FB) {
                    ? 'https://s-static.ak.fbcdn.net/'
                    : 'http://static.ak.fbcdn.net/'),
       graph    : 'https://graph.facebook.com/',
-      staticfb : (window.location.protocol == 'https:'
-                   ? 'https://s-static.ak.facbook.com/'
-                   : 'http://static.ak.facbook.com/'),
+      staticfb : 'http://static.ak.facebook.com/',
       www      : window.location.protocol + '//www.facebook.com/'
     },
     _locale: null,