Tag Archives: iframe tabs

Chrome (and other Browsers) Not Showing Insecure Content

Chrome was the most recent browser to make a change on how they handle secure and non-secure content.  This change can impact iframed web pages in Facebook tabs.

Have you checked your Facebook Page tabs lately?

This is particularly a possible issue when users are not using a Facebook Tab App Provider to host the content like TabSite, but are iframing their own website into a tab.  Let’s show you more detail.  Here’s what can be shown (nothing) when a Facebook user is using Facebook securely (the URL will start with https://www.Facebook.com…).

12-point-withwebsite-white-space

This issue has to do with browser changes so be sure to check your tabs in the latest versions of Firefox, IE, and Chrome. If your content is gone, here’s why, and what the solution is:

 What Happened to my iframed Tab on Facebook?

Facebook has moved to HTTPS security as the default for all users.  If your added URL you are iframing doesn’t have the “S,” (like http://mikegingerich.com) that means it doesn’t have SSL (Secure Sockets Layer), an added protection that encrypts your content to make it secure.

The latest version of Chrome that rolled out a few weeks back along with Firefox, and Internet Explorer will not display non-secure HTTP content within the Facebook Tab.

Why is this? Facebook, now being secure by default, always uses a  URL starting with HTTPS.  So, if you have HTTP url iframed in an HTTPS main page, it’s now “mixed content,” (secure content and non-secure web page content) and it won’t be displayed.

The newer browser versions (Firefox and Chrome in particular) only want to pull data to display on a web page that is fully secure, HTTPS, when the main URL is a secure URL.

Browsers view HTTP content as unsafe, and block it to protect you because this type of webpage content can be read or modified by attackers, even though the main parent page is served over HTTPS.  This is because the iframed website page on the tab is technically a web page within a web page, meaning it is a separate web page loading within the Facebook web page.

Content Created in TabSite and hosted on TabSite is not impacted

If you create content in a service like TabSite, like a Photo Contest or a Friend Share Deal offer, this content is all hosted by and provided to Facebook by TabSite securely and is HTTPS  by default so there is no issue.  It’s only when using items like the iframe widget or the Website ReSizer App when this can be a concern because those tools allow you to add a web page to be displayed on the tab and so we are at the mercy of that web page.

This means that if the web page that you are adding in website resizer or the iframe widget is not setup with SSL security (https) then some new versions of browsers including versions of Chrome, Internet Explorer and Firefox will not bring in the insecure content within the secure Facebook Page, and thus nothing shows on the Facebook tab.

How to Overcome No Iframe Content Showing

Add a SSL on the website.

If you are pulling in a outside website URL to display on a tab then the tab provider has no control over that outside URL you add. It is necessary that the website have a SSL certificate installed on the domain so that the web content can be delivered/shown securely.  This can be tested on a website by entering the web page URL and pre-appending it with https.

An example is my website, mikegingerich.com which has a SSL certificate installed and so content can be delivered securely by directing users to the secure version, https://mikegingerich.com. This is a browser version specific issue on how they are handling secure and insecure website content. So, in some cases such as with a website shopping cart that already has SSL to ensure encrypted purchases on the site, the user setting up the tab simply needs to ensure they add the secure (https version) of the URL in the iFrame widget or Website ReSizer app when building their tab (see image below).

www_tabsite_com_tab_id=173560

In other cases, a web page needs to take the step to get a SSL certificate added to their site.  This is done at the domain level and costs can vary but typically range from $35-$199 a year. SSL’s can be obtained from many domain and web  host providers.  You’ll want to check with your internet hosting provider to ensure you can install the certificate on your site. Once complete, your connect will show!

Based on the trends of browsers moving more and more to protect users with updates such as this, it really is a good recommendation to proceed with getting a SSL for your website! As I noted, I have, and here is my tab showing my embedded blog post just fine with my https URL added in the app!

NOTE: To ensure the page shows in ALL browsers, add a SSL secure certificate and input the URL in the WebSite ReSizer with the https: secure URL!  Read more.
SSL Options: Secure SSL and  Cheap SSL options.

 

12-point-603-withwebsite

Final reminder…

Again, any content built and hosted by a app provider like TabSite is already SSL secure so it shows on tabs just fine.  This means that you can run any number of Holiday Deals or even a Instagram Contest on your Facebook Page using a app and you don’t need to deal with the SSL issue at all!

Apps like Pin Deal (Pinning a image to Pinterest to access a deal on the Facebook Page), Friend Share Deal Download (sharing to get access to a downloadable coupon deal), and more are all apps that TabSite hosts so the SSL is take care of for you.

So what about you, what browser do you use most often and have you seen this issue?