Facebook Issues Final Warning for Apps to Switch to HTTPS

Facebook is working on bringing full support for HTTPS connections on the site. It's enabled HTTPS for its own pages, but is also asking app makers to do the same. Currently, launching a Facebook app usually switches users to an insecure HTTP connection.

Developers had until October 1st to implement support for encrypted connections as well as support OAuth 2.0 logins and Facebook is issuing a final warning before going ahead and enforcing the new requirements.

Along with the final notification, Facebook has also implemented a way for developers to update their apps programmatically, if they haven't gotten around to it already or if they have several apps they'd like to update in one go.

"Many of you have received an email reminder to support OAuth 2.0 and HTTPS by October 1st," Facebook's Matthew Johnston writes.

"To help Canvas and Page Tab App developers more easily update their Secure URLs, we have pushed changes to admin.setAppProperties that let you set your secure_callback_url and secure_page_tab_url programmatically," he explained.

There are a couple of requirements for using the APIs to update the secure URLs, developers need to use an app access token to do it and will also have to provide a full URL, with the leading 'https://' and the trailing '/' unless the URL points to a dynamic page.

Facebook says it will add these API methods to the Graph API too, but has released the REST API version sooner to help those that haven't made the switch to HTTPS yet.

Facebook introduced an HTTPS option for users early this year. It enabled those that wanted better security to view any page on the site via an HTTPS connection.

However, this did not work for apps as well, which live on their own servers and domains, making it a problem for those that want apps but also want encrypted connections. This is the reason why Facebook enforced the upgrade to HTTPS.