Facebook & HTTPS

What is HTTPS?

HTTPS is the secured version of the HTTP protocol. This means that all data sent via your web browser is encrypted and can't be read by some dodgy bugger somewhere trying to steal your passwords and sensitive information.

What on earth is Facebook?

Do you really have to ask?

So what are you going on about?

Well, if you visit https://www.facebook.com you can log in securely, but as soon as you click a link it takes you back to standard HTTP.

So, if you think you’re being all secure and keeping your information all secure then you’ve thought wrong.

So why is this happening?

Well, it's all down to how you define a link in HTML. You have the relative method:

<a href="webdesign/">

then you have the absolute method:

<a href="/webdesign">

Now, both of these links take you to the same place but in different ways: if you moved the page that the first link is placed in to another directory, it will break, but the second won't.

Now Facebook is using a third method, usually used to link to external sites:

<a href="http://www.aboutcher.co.uk">

This loads up an external address with the HTTP protocol. This method is used to tell your browser that the link is outside your domain.

So in short, Facebook is defining its links as though it is linking to an external site and not its own. This may be because it runs several sub-domains for things such as groups, and relative links would then not work, but this is no excuse. Facebook runs on PHP, and PHP can check whether the connection is secure or not.

All that is needed is the following code:

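// $_SERVER['HTTPS'] is non-empty (and not 'off') when the request arrived over HTTPS.
// Behind a TLS-terminating proxy it may not be set on the backend server.
$secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
$PROTO = $secure ? "HTTPS://" : "HTTP://";
echo $PROTO."www.aboutcher.co.uk";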

This will create the link with HTTP or HTTPS depending on what you are already using, keeping the connection secure on every click.
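
To check a page for the problem described above, the following added example (not code from the original post) resolves each link the way a browser does and flags same-site links that drop a secure page back to HTTP. The domains example.com and example.org, the sample markup, and the helper names isSameSite and auditLinks are assumptions made for illustration.

```javascript
// Added example: resolve each href the way a browser would and flag
// same-site links that drop from HTTPS to HTTP.

// Constructed sample markup: the three link styles from the article,
// plus a subdomain link and a genuinely external one.
const SAMPLE_HTML = `
  <a href="webdesign/">relative</a>
  <a href="/webdesign">root-relative</a>
  <a href="http://www.example.com/groups">absolute, same host</a>
  <a href="http://groups.example.com/">absolute, subdomain</a>
  <a href="http://www.example.org/">absolute, external</a>
`;

// Hypothetical helper: true when host is siteDomain or one of its subdomains.
function isSameSite(host, siteDomain) {
  return host === siteDomain || host.endsWith("." + siteDomain);
}

// Returns one record per link: the raw href, the URL the browser would
// request, and whether following it downgrades a secure session.
function auditLinks(html, pageUrl, siteDomain) {
  const page = new URL(pageUrl);
  const results = [];
  // A simple regex is enough for this sample; use a real HTML parser on live pages.
  const hrefPattern = /<a\b[^>]*\bhref\s*=\s*["']([^"']*)["']/gi;
  for (const match of html.matchAll(hrefPattern)) {
    let target;
    try {
      target = new URL(match[1], page); // same resolution rules as the browser
    } catch {
      continue; // unparseable href, nothing to request
    }
    const downgrade =
      page.protocol === "https:" &&
      target.protocol === "http:" &&
      isSameSite(target.hostname, siteDomain);
    results.push({ href: match[1], resolved: target.href, downgrade });
  }
  return results;
}

const report = auditLinks(SAMPLE_HTML, "https://www.example.com/blog/post.html", "example.com");
for (const entry of report) {
  console.log(`${entry.downgrade ? "DOWNGRADE" : "ok       "} ${entry.href} -> ${entry.resolved}`);
}
```

The relative and root-relative links inherit https:// from the page they sit on, while the hard-coded http:// links to the same site and its subdomain are reported as downgrades.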