Forum QuickConnect Facebook Secure Problem

Discussion and help relating to PlayerIO's QuickConnect feature, including Facebook Connect and Kongregate Connect.

Facebook Secure Problem

Postby Mario Fischel » May 8th, 2013, 11:31 am

Hi,
I think I setup the application correctly and use the https for secure from Facebook. But when I access the app on facebook there is a popup asking me to "Allow" or "Don't Allow" the insecure content. I allowed and check the Console and see these lines:

Code: Select all
...
The page at https://apps.facebook.com/xxx/ displayed insecure content from http://r.playerio.com/r/xxx/crossdomain.xml.
apps.facebook.com:1
The page at https://apps.facebook.com/xxx/ displayed insecure content from http://api.playerio.com/crossdomain.xml.
apps.facebook.com:1
The page at https://apps.facebook.com/xxx/ displayed insecure content from http://api.playerio.com/flashbridge/1.
apps.facebook.com:1
The page at https://apps.facebook.com/xxx/ displayed insecure content from http://cdn.playerio.com/xxx/crossdomain.xml.
...


Could it be my wrong setting or a bug from playerIO that even in a secure canvas, the apis always get called insecurely? This is a critical problem because if my users press "Don't Allow", so all the calls will be crashed and the game won't play at all.
I would appreciate if someone help me point out where it went wrong?

Thanks a lot,
Mario Fischel
 
Posts: 10
Joined: October 13th, 2011, 9:57 am

Re: Facebook Secure Problem

Postby Mario Fischel » May 9th, 2013, 8:54 am

Can someone help me with a workaround? Thanks so much.
Mario Fischel
 
Posts: 10
Joined: October 13th, 2011, 9:57 am

Re: Facebook Secure Problem

Postby Henrik » May 9th, 2013, 10:23 am

Did you load the game over HTTPS as well?
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm

Re: Facebook Secure Problem

Postby Mario Fischel » May 9th, 2013, 11:01 am

Hi, thanks for your reply.
I loaded the game in https://apps.facebook.com/my-app.
Here's the config from facebook, I followed the configuration guide in quick connect:
Image
I guess I setup correctly the canvas and secure canvas. But I still see all api calls are http, not https, e.g. http://api.playerio.com/api/27, etc.
I'm wondering if facebook will automatically route all the api calls to https or the api has to do it manually because I looked in the code PlayerIO.as and see this line is using http to request a connection:
Code: Select all
loader.load(new URLRequest("http://api.playerio.com/flashbridge/1"));

From this, I think the remaining calls are also http but if facebook doesn't convert it to https, should the next update of PlayerIO fix it? Or am I missing something here?
Mario Fischel
 
Posts: 10
Joined: October 13th, 2011, 9:57 am

Re: Facebook Secure Problem

Postby Henrik » May 9th, 2013, 11:26 am

How do you load the .swf on that page? If you're loading the .swf over https, it should load the crossdomain.xml over https, but if you don't, it doesn't.

The api calls always go over http, that's fine, and won't cause you any issues.
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm

Re: Facebook Secure Problem

Postby Mario Fischel » May 9th, 2013, 11:54 am

Hi, I have 1 index.html and 1 swf in the GameFS. I guess the facebook will call the index.html and then it loads the swf inside. Here's how I load the swf in html file:
Code: Select all
...
<body text-align="center">
    <div id="fb-root"></div>
    <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" width="760" height="600" id="myapp" align="center"
                codebase="https://www.adobe.com/go/getflash">
       <param name="movie" value="{% url 'myapp.swf' %}"/>
       <param name="wmode" value="transparent"/>
       <param name="allowScriptAccess" value="always"/>
       <param name="allowNetworking" value="all"/>
       <param name="flashVars" value="access_token={{ fb_access_token }}"/>
      <embed src="{% url 'myapp.swf' %}" pluginspage="https://www.adobe.com/go/getflash" id="myapp2"
                  wmode="transparent" allowScriptAccess="always" allowNetworking="all" flashVars="access_token={{ fb_access_token }}"
                  align="center"
                  width="760" height="600" type="application/x-shockwave-flash"/>
    </object>
...

I think when facebook calls the index.html, it should go through the url in the Secure Canvas and it should be https. I will test on another machine to see if http calls for api are not the cause of displaying the "Allow" and "Don't Allow" popup.

Actually the main reason is that all PCs in my country can connect and play the game, but the others in another country (USA, Israel, Phillipine) can connect but it seems not be able to process api calls, and they're all stuck when creating and joining rooms. I'm investigating the cause and really appreciate so much for your help.
Thanks,
Mario Fischel
 
Posts: 10
Joined: October 13th, 2011, 9:57 am

Re: Facebook Secure Problem

Postby replayshot » May 10th, 2013, 7:49 am

Hi, did you ever sort this out? I have a similar issue. Any help is appreciated.
replayshot
 
Posts: 5
Joined: September 5th, 2011, 9:49 pm

Re: Facebook Secure Problem

Postby Henrik » May 10th, 2013, 9:26 am

Mario Fischel wrote:Here's how I load the swf in html file:

What's the result of that page, when rendered over https? Use the Frame Info in your browser to find out which actual URL is being loaded, and use the Frame Source to find out how the .swf is actually being loaded.

Also, why aren't you using the {% swf %} tag in SiteBox?
Henrik
.IO
 
Posts: 1880
Joined: January 4th, 2010, 1:53 pm

Re: Facebook Secure Problem

Postby Mario Fischel » May 17th, 2013, 12:04 pm

Hi, thanks for your advice. I changed the swf loader to {% swf %} tag for better performance. About the problem that some PCs cannot connect to playerio, even the internet connection of them is really good, I clear their cache and cookies in IE and it works. I don't know what the problem is, just played with the internet options and somehow it works.
Mario Fischel
 
Posts: 10
Joined: October 13th, 2011, 9:57 am


Return to QuickConnect