Facebook JavaScript SDK over HTTPS loading non-secure items

Question

I have a Facebook application that uses the Facebook Connect.js.

I am running my application over HTTPS. All content on the site is delivered from https://

Answer 1

I was having a similar problem (fb comments not working in secure mode). This solves it - just reference the javascript file via https:

<script type="text/javascript" src="https://connect.facebook.net/en_US/all.js"></script>

Or don't specify the scheme to work for both:

<script type="text/javascript" src="//connect.facebook.net/en_US/all.js"></script>

Answer 2

Adding to Ralph Holzmann and Simon Bächler, the following is an even harder-hitting fix for when FB._https alone does not do the trick;

FB._https = (window.location.protocol == "https:");
FB.init({
    ...
});
if (FB._https && window == window.parent) {
    if (FB._domain && FB._domain.staticfb && FB._domain.https_staticfb)
        FB._domain.staticfb = FB._domain.https_staticfb;
}

See also FB.Arbiter.inform() { ... FB.getDomain((d?'https_':'')+'staticfb',true) ... } where d=window!=window.parent&&... as of 2012-Feb-10.