ruby-on-rails - 阻止原点为 "https://www.facebook.com"的帧访问原点为 "http://myapp.herokuapp.com"的帧

Question

我收到了无限量的这条消息(就像在循环中一样)并且它破坏了网站

Rails 4.0.0(使用 Turbolinks)

错误信息

Blocked a frame with origin "https://www.facebook.com" from accessing a frame with origin "http://app.herokuapp.com". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match.

Facebook.js.coffee

fb_root = null
fb_events_bound = false

$ ->
  loadFacebookSDK()
  bindFacebookEvents() unless fb_events_bound

bindFacebookEvents = ->
  $(document)
    .on('page:fetch', saveFacebookRoot)
    .on('page:change', restoreFacebookRoot)
    .on('page:load', ->
      FB?.XFBML.parse()
    )
  fb_events_bound = true

saveFacebookRoot = ->
  fb_root = $('#fb-root').detach()

restoreFacebookRoot = ->
  if $('#fb-root').length > 0
    $('#fb-root').replaceWith fb_root
  else
    $('body').append fb_root

loadFacebookSDK = ->
  window.fbAsyncInit = initializeFacebookSDK
  $.getScript("//connect.facebook.net/it_IT/all.js")

initializeFacebookSDK = ->
  FB.init
    channelUrl   : 'http://app.heroku.com/page/fbchannel'
    appId        : 'MY_ID_HERE'
    status       : true
    cookie       : true
    xfbml        : true

页面 Controller

class PageController < ApplicationController
skip_before_action :authenticate_user!

def fbchannel
    cache_expire = 1.year
    response.headers["Pragma"] = "public"
    response.headers["Cache-Control"] = "max-age=#{cache_expire.to_i}"
    response.headers["Expires"] = (Time.now + cache_expire).strftime("%d %m %Y %H:%I:%S %Z")
    render :layout => false, :inline => "<script src='//connect.facebook.net/it_IT/all.js'></script>"
  end
end

FBlike ( helper )

def fblike(resource, layout = 'standard')

        content_tag(:div, "", class:"fb-like", data: {
            href: polymorphic_url(resource),
            width: "225",
            show_faces: false,
            stream: false,
            show_border: false,
            header: false,
            layout: layout

            }
        )
    end

Answer 1

很老的问题，但它仍然是开放的 - 所以如果你还没有看到这个答案，Mademoiselle Geek 就在现场。对我的 heroku 应用程序进行快速复查，确认您实际上可以只输入 https: 而不是 http: 并且它会自动接受 SSL 连接 - 无需设置。你唯一需要设置的是在你的 Facebook.js.coffee- 这个部分..

initializeFacebookSDK = ->
  FB.init
    channelUrl   : 'http://app.heroku.com/page/fbchannel'

改成..

initializeFacebookSDK = ->
  FB.init
    channelUrl   : 'https://app.heroku.com/page/fbchannel'

然后，根据您的操作系统(我使用 linux)对 http://app.heroku 进行快速 grep 搜索(或搜索目录中的文件文本)。并将其更改为 https，以确保安全。