Building a Facebook app on a host without HTTPS/SSL Support

Recently (Yesterday) I was confronted with the ugly fact that Facebook REQUIRES SSL for your application. Now there are quite a number of free services out there that give shared ssl support, however, I was quite happy with my current hosting provider and did not want to shift my database and files to a group I knew nothing about. So here is an extremely simple and easy to do tutorial for everyone who feels the same.

The Realization

After playing around with Facebook, I realized that I can navigate away from HTTPS at any time. Its only required by Facebook that the URL you enter into Facebook for your app is an HTTPS url. And that gave me the idea for a simple redirect script!

The Requirements

Now, unfortunately, you still need some provider with some sort of ssl. Fortunately, Heroku does just that and was quite simple to setup and its free (And no, you don’t have to move your application over to them, keep reading). If you’d like to use another provider, or maybe you own a server with ssl support, you are most welcome to use that instead.

The Code

Now create a php file with the following code:

header( 'Location:' );

The Facebook

Point your SSL link on Facebook to this php file, and tada! Facebook accepts the url, upon loading the URL in the iframe, php redirects it to your non-ssl application, and none of your code had to be moved anywhere.

Hope this helpes someone!

DISCLAIMER: This bypasses SSL for your Application and thus decreases the level of security. However, for a testing environment, and for most “non-personal” information, this should be perfect for your needs…


  1. rachel

    i tried it, but is not working…im not sure i have done it correctly. can u pls help

    1. create a php , i placed it to e.g
    2. inside the php file only has code:

    3. update my fb apps setting
    Page Tab URL:
    Secure Page Tab URL:

    FB will not allow me to save it , error Secure Page Tab URL must use the HTTPS protocols.

    • Hello Rachel,

      You will need to host your redirect script on a server with ssl. Heroku allows you to host your Facebook application for free, and thus I made use of them to host my PHP Redirect script.

      You can now save the HTTPS link to your Heroku redirect script and it will redirect to your non ssl application! Simple as that.

      • Frank

        Hi Bernhard

        I tried it on Chrome it didn’t work but Firefox was fine. Google Chrome by default just blocks all insecure resources while loading over https.

        Can you make it working with Chrome since I don’t want to move the entire app to Heroku ?

  2. It doesn’t work, even with the redirect facebook needsthe site certificate 🙁

  3. Alternative, Coudflare, free SSL

Leave a Reply

Your email address will not be published. Required fields are marked *