Facebook to App and Website Developers: HTTPS by Oct. 6

An Enforce HTTPS setting was added to app dashboards

Apps that have been created since March are already using HTTPS settings Drubanik/iStock
Headshot of David Cohen

Applications and websites using Facebook Login have until Oct. 6 until all Facebook Login redirects must use HTTPS and all Facebook JavaScript software-development-kit calls that return or require access tokens do so only from HTTPS pages.

Software engineer Brad Hill announced in a blog post that the social network added an Enforce HTTPS setting to developers’ app dashboards, enabling them to comply.

All new apps that have been created since March have already been required to use these HTTPS settings, and any insecure redirect URLs or pages making Facebook Login or application-programming interface calls with the JavaScript SDK from HTTP pages will stop working after Oct. 6.

Hill pointed out that other features in Facebook’s JavaScript SDK, including social plugins, already use HTTPS frames, and they can continue to be used on HTTP pages.

david.cohen@adweek.com David Cohen is editor of Adweek's Social Pro Daily.