Log in | Register
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 1.5 Support (CLOSED)
  7. HTTPS and HTTP access using JFBConnect
× Joomla Facebook Connect support forum

Topic-icon HTTPS and HTTP access using JFBConnect

Active Subscriptions:

None
13 years 9 months ago #3947 by fb_514141776
The version I purchased of JFBConnect did not support SSL connections.

I've fixed this with the following code:
if($_SERVER['HTTPS'])
{						
echo 
"<script type=\"text/javascript\" src=\"https://ssl.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php\"></script>\n";
} else {
echo 
"<script type=\"text/javascript\" src=\"http://static.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php\"></script>\n";
}

Which I've added to .../components/com_jfbconnect/helpers/facebookhelper.php and
if($_SERVER['HTTPS'])
{						
	$http_set =	"https://ssl";
} else {
		$http_set = "http://static";
}

?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" >
<body>
    <!--- this is a secure xd_receiver, since it loads from https:// -->
    <script src="<?php echo $http_set;?>.connect.facebook.com/js/api_lib/v0.4/XdCommReceiver.js" type="text/javascript"></script>
</body>

which is added to .../components/com_jfbconnect/views/xdreceiver/tmpl/default.php

Hope that helps!

Charlie
The topic has been locked.
Support Specialist
13 years 9 months ago #3954 by alzander
Version 2.6.0 added SSL support in much the way you describe. We've been using it here ever since. Thank you for contributing back though, it's always appreciated.
www.sourcecoast.com/jfbconnect/docs/changelog


Thanks!
The topic has been locked.
Active Subscriptions:

None
13 years 1 month ago #8205 by eldad
Hi there,
I'm using the latest version of jfb (3.2) and i can't find where the code deals with SSL, as shown above for the older version.
My main concern is that i get mixed content errors on my SSL website, especially by images that comes from FB, the profile pic and some others.

Can you help on this?

Thanks,
Eldad
The topic has been locked.
Support Specialist
13 years 1 month ago #8211 by alzander
The post above was from the 2.x series of JFBConnect which didn't support SSL connections to verify the user and log them in. The current 3.x releases do this automatically, and do not require any modification.

However, Facebook itself does not host it's images from SSL (https) servers. Therefore, if you are running on a site that uses SSL, we recommend you disable the profile picture in the login box and a few other areas. You can use the import to profile feature to pull a user's avatar into Kunena, Agora, JomSocial, Community Builder, or K2, which then will be hosted from your server.

We really, really wish Facebook would move their CDN to be able to serve up images on https, but unfortunately, they don't. Hope this helps explain, but there really isn't anything we can do about this.
The topic has been locked.
Active Subscriptions:

None
13 years 1 month ago #8215 by eldad
Hi Alex,

Thanks for your fast response (browsing the forum before, i already knew that you provide excellent support).
Importing is a good idea, i'll try tweaking something since i don't use any of the extensions that you've mentioned running on my website.

I guess i could do that whenever the user connects, to keep the pic updated.

Cheers,
Eldad
The topic has been locked.
Active Subscriptions:

None
13 years 1 month ago #8216 by eldad
btw, i couldn't find a redirection to ssl.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php, shouldn't it be there somewhere in the code?
The topic has been locked.
Active Subscriptions:

None
13 years 1 month ago #8217 by eldad
[SOLVED] Found a very simple solution eventually, no need to import the profile pic to avoid the mixed content errors on a SSL site, you simply need to call the image from the graph api (make sure you're querying the graph via https), and, VERY important, turn the facebook logo option off, otherwise it will result as mixed conteht.

this works for me:
function getFB_ProfilePic($fbuid, $size = 'square', $logo = false) {

$output = '
<div class="picture">

<img src="graph.facebook.com/'.$fbuid.'/picture" />

</div>
';

echo $output;
}
The topic has been locked.
Support Specialist
13 years 1 month ago #8225 by alzander
Thanks for posting that. We'll test as well and may include in the next release if we don't run into any issues.

Good luck, and thanks again!
The topic has been locked.
Active Subscriptions:

None
13 years 1 month ago #8245 by eldad
Sorry, I was too early to celebrate, the solution is not perfect.
While using the https graph does eliminate the mixed content dialog in IE, and does makes the https address bar in Chrome to be green, i just noticed that the Lock icon is still missing in IE, and using httpWatch it's clear that the http images that gets back from FB are problematic, the graph's proxy does not solve it.

However, there's a tweak to go around it, you can use a simple Flash file as the image container, and use the URL from the graph as the image variable for it.

I'll make something and post it here soon.

Eldad
The topic has been locked.
Support Specialist
13 years 1 month ago #8267 by alzander
Let us know what you come up with, we're definitely curious. Again, this needs to be solved on Facebook's end by switching the CDN to be able to serve from https addresses... and until then, there's no real silver bullets on our end.

Thanks for all the feedback!
The topic has been locked.
  1. Forum
  3. Discontinued Products
  5. JFBConnect Joomla 1.5 Support (CLOSED)
  7. HTTPS and HTTP access using JFBConnect
From the Blog
Facebook | Twitter | LinkedIn | Blog RSS