Facebook - 画布页面选项卡如何处理HTTPS？ [英] Facebook — How Do Canvas Page Tabs Handle HTTPS?

问题描述

我正在使用一个可以在页面选项卡中运行的FB画布应用程序。该应用程序将采取卡付款，因此一些页面将需要安全。对于在HTTPS上浏览Facebook的用户，没有任何问题。我不确定的是如何处理这些HTTP。

我特别关心Facebook代理iframe的方式。如果用户是HTTP，但是iframe的内容是HTTPS，那是不是意味着这些内容首先加密到FB？

我有兴趣知道如何FB iframe代理工作，并听取任何人的安全FB画布应用程序的经验。

提前感谢
Ross

解决方案

在进一步检查FB画布页面时，似乎FB代理存在来处理POST提交到画布应用程序。它包含一个自动提交表单，发布到画布URL。从我可以收集的内容，它不会代替与iframe的任何通信。

对HTTPS的重定向似乎工作正常，JQuery从页面没有麻烦。

I'm working on a FB canvas application that will run in a page tab. The app will be taking card payments, so some pages will need to be secure. For users browsing Facebook on HTTPS, there are no problems. What I'm unsure about is how to handle those on HTTP.

I'm particularly concerned about the way in which Facebook proxies the iframe. If the user is on HTTP, but the iframe content is HTTPS, does that mean that the content travels unencrypted to FB first?

I'd be interested to know how the FB iframe proxy works, and to hear of anyone's experience with secure FB canvas apps.

Thanks in advance, Ross

解决方案

On further examination of the FB canvas pages, it seems that the FB proxy exists to handle the POST submission to the canvas application. It contains an auto-submitting form which posts to the canvas URL. From what I can gather, it doesn't proxy any communication with the iframe after that.

Redirections to HTTPS do seem to work fine, and JQuery picks up the protocol from the page without trouble.

这篇关于Facebook - 画布页面选项卡如何处理HTTPS？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！