MichaelCheney.org

Facebook's recent switch from FBML to iFrame support for Pages means that you have a lot more flexibility with how you design your page. You can effectively display anything that you would normally have on a typical website - email opt-in forms, multiple pages within your Facebook Page and even order buttons.

But there's one problem with the iFrame support that only going to get worse as time goes by - people browsing on a secure connection. Facebook has a setting that turns on secure browsing using https: instead of http: for the page URLs. There are only a small number of users who have this setting turned on at the moment, but as people become more security-conscious that number will no doubt increase.

The trouble is, if you're using an iFrame to display content on your Facebook Page, and the content that is inside that iFrame is not coming from a secure connection, anyone who lands on your Page with a secure connection is going to see a message that the content is not secure.

Facebook gives them the option to turn off secure browsing so they can see your Page, but many people won't, especially if they don't really know much about you or your Page. If they're concerned enough to turn on secure browsing, they're probably not going to switch to an unsecured connection to view content that they don't know if they can trust or not.

The solution to this is to set up an SSL certificate on your domain so you can serve the content to your iFrame from an https: connection. You can buy certificates for as little as $9 per year, so it doesn't have to cost a lot of money.

When you install the certificate on your domain, you can access it through https: to get the secure version. When you're setting up the iFrame for your Facebook page, it gives you an option to enter a secure URL for the iFrame contents, so you would put your secure URL in there.

eg. If your iFrame content is at http://www.mydomain.com/fbpage.html you would use https://www.mydomain.com/fbpage.html as the secure version.

As long as you have a certificate installed, this will work properly and anyone who arrives on your Page through a secure connection to Facebook will see the contents without any kind of error message or warning.