Facebook JavaScript SDK over HTTPS loading non-secure items

Question

I have a Facebook application that uses the Facebook Connect.js.

I am running my application over HTTPS. All content on the site is delivered from https://

Answer 1

I came across this problem a few days ago. My entire application was using HTTPS and my issue was only profile pictures being loaded over HTTP... My quick and dirty fix was to manually replace all the profile pictures' domain names. For example,

str_replace('http://profile.ak.fbcdn.net','https://fbcdn-profile-a.akamaihd.net',$user['pic_square']);

You'll have to check and see what URL your profile pictures have. I'd assume they are not coming from exactly the same place. View the URL of your own profile picture and substitute for what I have at https://fbcdn-profile-a.akamaihd.net.

After looking harder at the Facebook documentation:

If you need a picture to be returned over a secure connection, you can set the return_ssl_resources argument to 1: https://graph.facebook.com/4/picture?return_ssl_resources=1.

I found an additional parameter called return_ssl_resources, and when passed with true, it returns profile pictures using HTTPS.

$fql = "SELECT uid, name, pic_square FROM user WHERE uid=me()";

$param = array( 'method' => 'fql.query', 'query' => $fql, 'return_ssl_resources'=>1);

$fbuser = $facebook->api($param);

It worked like a charm, and I stopped getting the mixed security warnings. I hope this helps!