
Secure Facebook Apps on Google App Engine

A few weeks ago, I asked a friend of mine if he'd mind testing a Facebook app (MapMyFriends) that I was working on. It's a simple little app that maps the locations of your Facebook friends on a Google Earth plugin. The app has grown and now it will fly you through a global tour of all your friends' photos, displaying them on the globe where they were taken... But I digress.

My buddy came back with the rather unexpected response that my app wasn't set up for secure browsing on Facebook and he couldn't see it at all. This led me into a few days of work to make the app secure. I've included my notes below in case you run into the same issues I did.

First: It's not difficult
You'll find lots of documentation on OAuth 2.0 and user authentication, but at the end of the day you probably don't need it. You've already set up account login however you want it in Facebook, right? If all you want is an application that communicates back to the Google App Engine servers over a secure connection, all you need is to add the following lines to your app.yaml file for each address that you would like to serve over a secure connection.

- url: /fbapps/stechtest
  secure: always

I made a separate address for my secure connections just so the unsecured application wouldn't consume SSL resources unnecessarily. Within my file, both the normal and the SSL addresses are routed to the same handler like this.

    ('/fbapps/techtest', FBTester),
    ('/fbapps/stechtest', FBTester),

This is important: The handler wasn't modified at all. All of the SSL work is handled outside of your handler. That's it, you're done! Except for making sure the scripts you call in are also secure.

Securing JavaScript Libraries
When I converted my app, I performed all the above steps, set my Facebook account to secure browsing and went back to my site. Upon arriving I received the message "This page has insecure content". I selected the recommended choice of not loading the insecure content and found that the Google Earth plugin and the Google AdSense ads didn't load. Fixing the plugin was easy. I just referenced the secure version of, so:

became The map reappeared on my next load.

For now your Google AdSense code will always show up as insecure. You can read more about it at:

If you're using Google Maps instead of Google Earth check out the following link for the path to the secure libraries:
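
An added example, not code from the original post: a small Python check that lists the subresources an HTTPS page would still fetch over plain HTTP, which is what triggers the "insecure content" warning described above. The sample page and its host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tag -> attribute pairs that make the browser fetch a subresource.
FETCHING_ATTRS = {
    "script": "src", "img": "src", "iframe": "src",
    "embed": "src", "object": "data", "link": "href",
}

class MixedContentFinder(HTMLParser):
    """Collect subresources an HTTPS page would load over plain HTTP."""

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, url)

    def handle_starttag(self, tag, attrs):
        attr = FETCHING_ATTRS.get(tag)
        if attr is None:
            return  # e.g. <a href>: a navigation link, not a subresource
        attrs = dict(attrs)
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # only stylesheet links are checked here
        url = (attrs.get(attr) or "").strip()
        # Relative and scheme-relative (//host/x) URLs inherit https from the page.
        if urlparse(url).scheme.lower() == "http":
            self.findings.append((self.getpos()[0], tag, url))

def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

# Constructed sample page; every host and path is a placeholder.
SAMPLE = """<html><head>
<script src="http://maps.example.com/earth-loader.js"></script>
<script src="https://maps.example.com/earth-loader.js"></script>
<script src="//cdn.example.com/lib.js"></script>
<link rel="stylesheet" href="http://static.example.com/app.css">
</head><body>
<a href="http://example.com/about">About</a>
<img src="/static/logo.png">
<iframe src="HTTP://ads.example.com/slot"></iframe>
</body></html>"""

if __name__ == "__main__":
    for line, tag, url in find_mixed_content(SAMPLE):
        print("line %d: <%s> loads %s" % (line, tag, url))
```

Run it against the rendered HTML of each page you serve with `secure: always`; anything it lists needs an https or scheme-relative URL.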