Facebook – Why Do Apps Require Disabling HTTPS?


Facebook allows you to surf over a secure HTTPS connection, although sadly it does not enable this by default. Even when HTTPS is enabled, you encounter an annoying user experience when trying to access a Facebook application. It will output:

Switch to regular connection (http)?

Sorry! We can’t display this content while you’re viewing Facebook over a secure connection (https).

To use this app, you’ll need to switch to a regular connection (http).

My question is twofold:

  1. Why does Facebook not enable HTTPS by default?
  2. Why does Facebook require disabling HTTPS when using a third-party application (apps.facebook.com)?

NOTE – When looking for example apps that require the fallback to http, I couldn't find any. Did Facebook remove that requirement? If so, the second part of my question has become irrelevant. Instead, I wonder when and why this has changed.

Best Answer

Some browsers, like IE6, show an error when we have non-secure (http) content (e.g. an iframe or image) on secure (https) pages. To prevent this error dialog, Facebook falls back to a non-secure address. See also these two Stack Overflow questions: "IE6 http/https mixed content error" and "dealing with http content in https pages".

Also, this option will be disabled in the future to ensure user security, and all apps should support https, according to the Facebook Developer Blog:

... All Apps on Facebook (Canvas and Page Tabs) must support HTTPS by October 1.
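
The mixed-content condition described in the answer, as an added example (not part of the original answer and not Facebook's code): a simplified scan that lists the http:// subresources an https:// page would load, split into active content (iframe, script, stylesheet) and passive content (images, media). The function name `findMixedContent`, the sample page and the example.com hosts are constructed for illustration.

```javascript
// Added example: simplified tag/attribute scan, not a full HTML parser.
const ACTIVE = new Set(["iframe", "frame", "script", "link", "object", "embed"]);
const PASSIVE = new Set(["img", "audio", "video", "source"]);
const URL_ATTR = { link: "href", object: "data" }; // every other tag uses src

function findMixedContent(pageUrl, html) {
  const page = new URL(pageUrl);
  if (page.protocol !== "https:") return []; // only a secure page can be "mixed"
  const findings = [];
  const tagRe = /<([a-zA-Z][a-zA-Z0-9]*)\b([^>]*)>/g; // opening tags only
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    if (!ACTIVE.has(tag) && !PASSIVE.has(tag)) continue;
    // <link> is a subresource only when it pulls in a stylesheet
    if (tag === "link" && !/\brel\s*=\s*["']?[^"'>]*stylesheet/i.test(m[2])) continue;
    const attr = URL_ATTR[tag] || "src";
    const attrRe = new RegExp(
      "(?:^|\\s)" + attr + "\\s*=\\s*(?:\"([^\"]*)\"|'([^']*)'|([^\\s\"'>]+))", "i");
    const a = attrRe.exec(m[2]);
    if (!a) continue;
    let resolved;
    try {
      // Relative and protocol-relative URLs inherit https from the page
      resolved = new URL(a[1] ?? a[2] ?? a[3], page);
    } catch {
      continue; // unparsable URL: nothing to classify
    }
    if (resolved.protocol === "http:") {
      findings.push({ tag, url: resolved.href,
                      kind: ACTIVE.has(tag) ? "active" : "passive" });
    }
  }
  return findings;
}

// Constructed sample: a secure canvas page framing an app served over http
const SAMPLE_PAGE = "https://apps.facebook.com/example-app/";
const SAMPLE_HTML = `
<link rel="stylesheet" href="//static.example.com/site.css">
<iframe name="canvas" src="http://app.example.com/canvas/"></iframe>
<img src="http://cdn.example.com/logo.png">
<script src="/js/local.js"></script>
<a href="http://example.com/help">help</a>`;

console.log(findMixedContent(SAMPLE_PAGE, SAMPLE_HTML));
```

Plain links (`<a href>`) are not reported because navigating to an http page does not load insecure content into the secure one.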