Facebook Canvas应用：强制SSL

Question

after searching the web for a while, I am still not able to find the correct solution to my problem; How to make sure the browser is redirected to the https app url. Since the canvas app is an iframe, we don't have access to change the window.top.location to the https equivalent.

If the visitor comes to

http://apps.facebook.com/app_name/

I want him redirected to

https://apps.facebook.com/app_name/

Totally unable to fix it with javascript in the app loaded in the canvas since top.location is impossible to tamper with due to cross-domain origin rules. It could have been fixed easily with a redirect rule implemented by Facebook, and I am surprised it's not a checkbox in the Facebook app setup to enforce SSL. We do not want our game to be accessible over http.

I have tested to set both Canvas URL and Secure Canvas URL to point to the https url, but that gives this error (cross-domain trouble): Unsafe JavaScript attempt to access frame with URL http://apps.facebook.com/app_name/ from frame with URL https://s-static.ak.facebook.com/

Please advice.

Answer 1

Ok, so it is possible to redirect the top window. I must have had a typo when I tested it the first time. This tiny script does the trick:

<script>
if ( window.location.protocol == 'http:' ) {
    window.top.location = 'https://apps.facebook.com/app_name/';
}
</script>

However, I still don't understand why this isn't an option in the app setup on Facebook. It would have been a lot more efficient and user friendly with a server side redirect rule.