|Christmas pudding decorated with skimmia rather than holly. (Photo credit: Wikipedia)|
I decided to learn how to make a facebook app. So I registered for a developer account and got my AppID and secret key. I made a word game in php for dermatology and decided to port it to the facebook canvas. The facebook interface asked for the normal application URL and the https URL. Near the https field, it is mentioned that https is a requirement from Oct 11th onwards. Since it is only the beginning of 2014 with a good 10 months to October, I decided to leave the https blank. The form submission was accepted without any problems and I was given a new 'blank' canvas.
Despite my best efforts at debugging, the canvas remained perpetually blank. After hours of googling, I found out the bitter truth. The October 11 is not Oct 2014, but Oct 2011 and is over 2 years back! So facebook needs a secure https URL for displaying external apps in the facebook canvas and it is mandatory for the last 2 years. I have no complaints about facebook's security policies and probably this is a good thing. But why the Oct 11 is still mentioned there without the year, and why the form is getting validated without an https url still!!
Here is my DermGame who could never make it to the facebook, but got a facelift with Ajax. Sorry for the mangled interface and template.