CB Facebook Connect and SSL

Team,

I have the CB Connect - Facebook plugin working completely under standard HTTP, no problems at all. But when I visit my site via HTTPS @ www.example.com , then click login, the new window pops up, communicates with facebook, then just dies at the following page:

www.example.com/index.php?option=com_comprofiler&task=pluginclass&plugin=cb.facebookconnect&action=facebook&func=accesstoken&format=raw&code= [TOKEN_HERE]#_=_

I see the following error in the browser error console:
Timestamp: 7/8/13 10:56:41 AM
Error: Error: Permission denied to access property 'oAuthSuccess'
Source File: www.example.com/index.php?option=com_comprofiler&task=pluginclass&plugin=cb.facebookconnect&action=facebook&func=accesstoken&format=raw&code= [TOKEN_HERE]#_=_
Line: 1

I have replaced www.example.com where my actual domain would be (they all use the www subdomain, and $live_site in config is set to blank), the [TOKEN_HERE] is the super long auth token. Again keep in mind all the same steps happen when I am not SSL, but the popup closes and the authentication happens like it is supposed to. I am assume this has something to do with the fact that the com_profiler page being postedback to is not SSL but I am not sure.

Thanks,
Tom Cooper

Edit configuration.php and ensure live_site is blank. CB Connect is tested working with SSL. Also ensure your URL within your Facebook Application has https and not http.

Krileon,

Thank you for the quick response, please note from my original question, $live_site is blank. Since this has to do with the facebook connection (not the canvas page) how do I set the URL within facebook to SSL?

It might help if you could take a few seconds and describe the steps for me the plugin takes to authenticate with facebook, if I have to I will manually modify the page to use HTTPs from within the plugin.

Thanks,
.tc

You can visit the site and test this live if it provides any insight: HTTPS @ www.worldwideinterweb.com

You can test the facebook login button on the bottom left.

Any update? The facebook APP is set to HTTPs in all fields, and when the login happens via SSL, I am still just hanging up at the same point listed above.

Thanks,
.tc

If live_site is blank then you may have an issue in htaccess if you're using it. Your site certainly is not SSL ready. You have a ton of mixed content (non-HTTPS) on your site (press F12 in your browser to open dev console then review the header and you'll see none of the URLs are loaded with HTTPS). Nor does it validate. You also have mass of JS errors, which you can find in the error console of your browser. Check htaccess and ensure you're not forcing http to https (quick test is to disable SEF and rename htaccess so it's disabled then see if works fine). If using 3rd party SEF extension then it could be rewriting the URL from HTTPS.