Facebook Canvas Not loading Url Even if it has SSL

I was trying to do some sample facebook canvas application,

I have created the app in Facebook developer and created new platform in side facebook canvas.

I have give Canvas secure Url as https://www.google.co.in/, https://www.audiotube.com/, https://bitbucket.org

SO I opened the app page which is not loading the data

https://apps.facebook.com/521031588051793

But If I use other https websites means It will load for ex. https://eatwater.co.uk

Answers


X-Frame-Options is a relatively new web feature that prevents malicious attacks like framesniffing or clickjacking. New development frameworks such as MVC5 provide out of the box support for this. If the X-FrameOptions response header is set to SAMEORIGIN it means the page can only be included in an iframe in a web site that is in the same domain with the requested page.

other options are:

DENY: no page can use the requested page as an iframe. ALLOW-FROM: http://www.example.com: only allows from the example.com domain. have in mind though this is not supported in chrome and safari browsers.

So to answer your question, the sites you are including in your canvas app are requested by apps.facebook.com to fill an iframe, and the browser blocks the request because these sites' configuration is set to SAMEORIGIN.

take a look at this blog post.


Need Your Help

Can't create working meteor.js project on a vagrant box

mongodb meteor vagrant

I cannot start up a new Meteor application on a Vagrant linux box (running on a Mac). It fails every time with a 'unspecified uncaught exception' in Mongo. I have tried a bunch of things to get this

PHP: Calculating percentage tax applied to a product

php rounding

I've got a significant problem in working out the percentage tax applied to a product, due to the rounding.