静音故障在iframe中加载页面应用程序超过https [英] Silent failure loading page application in iframe over https

问题描述

问题

我有一个应用程序在客户端页面上打开选项卡。如果用户尚未启用FB的安全浏览功能，应用程序将正常工作。如果尝试通过HTTPS查看，iframe甚至不会出现（没有错误，没有混合内容警告）。当通过HTTP正确加载时，id为pagelet_app_runner的div将插入一个iframe，并将应用程序内容加载到其中。通过HTTPS，此div保持为空，并且iframe未插入到页面中。在Firebug或Chrome的等效控制台中没有出现Javascript错误。

为什么我在这里要求

主机具有有效的SSL证书，在有问题的URL上没有混合内容。我可以直接访问URL，通过HTTP或HTTPS成功查看内容，我也可以通过访问apps.facebook.com/canvasURL/tabURL来执行相同操作。只有在页面选项卡中尝试查看HTTPS加载失败时，如上所述。我的应用程序配置了常规和安全的画布和标签页。

尝试调试

我已经和Charles记录了一些会话，但是由于iframe没有被插入到页面中，我想我已经发现问题了。我没有查尔斯专家很高兴在这里得到纠正。

Apache没有看到任何对于受影响的负载的请求（在常规或ssl日志中）。非SSL加载按照 access_log 中的预期进行。

请求帮助 / p>

我没有想法来调试这个。有人有什么建议吗？我可以做出什么真正的明显和愚蠢的错误？ ：

编辑：更好的格式化

解决方案

常规和安全选项卡URL字段的URL。从这里的内存相对URL在过去的某个时候是强制性的。现在看来，相对URL仍然适用于HTTP但不适用于HTTP。修复：绝对URL。希望FB更新他们的现场验证以匹配所需要的。

Problem

I have an application driving a tab on a client's page. The application works correctly if the user has not enabled FB's "secure browsing" feature. If attempting to view over HTTPS, the iframe doesn't even appear (no errors, no mixed-content warnings). When correctly loading over HTTP, the div with the id "pagelet_app_runner" has an iframe inserted into it and the application content is loaded inside there. Over HTTPS, this div remains empty and the iframe is not inserted into the page. There are no Javascript errors appearing in Firebug or Chrome's equivalent console.

Why I'm Asking Here

The host has a valid SSL certificate and there is no 'mixed content' at the URL in question. I can successfully view the content over HTTP or HTTPS by visiting the URL directly, and I can do the same by visiting apps.facebook.com/canvasURL/tabURL. It is only when attempting to view within a Page Tab that the HTTPS load fails as described above. My application is configured with both regular and secure canvas and tab URLs.

Attempted Debugging

I've recorded some sessions with Charles but since the iframe isn't being inserted into the page, I think I'm coming at the problem after it's already occured. I'm no Charles expert so happy to be corrected here.

Apache isn't seeing any request (in either regular or ssl logs) for the affected loads. non-SSL loads come through as expected in access_log.

Plea for Help

I'm out of ideas for debugging this. Does anybody have any suggestions? What really obvious and stupid mistake might I have made? :)

edit: nicer formatting

解决方案

I was using relative URLs for the regular and secure tab URL fields. From memory relative URLs here were mandatory at some point in the past. It appears now that a relative URL will still work for HTTP but not for HTTPs. Fix: absolute URLs. Hopefully FB update their field validation to match what's required too.

这篇关于静音故障在iframe中加载页面应用程序超过https的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！