Question: What’s significant about this Saturday – March 12, 2011?
Answer: Time to set your clocks ahead for Daylight Savings Time. *
Answer: Barbara Feldon’s birthday **
Answer: IFrame apps will be accessed through HTTP POST instead of GET.
That’s right kids, as Facebook has been telling us for some time now, your IFrame apps will be accessed from your customer’s clients by a POST instead of a GET. This is significant because it is most definitely a breaking change, e.g. one that has the potential to make your application stop working if you aren’t careful, so pay attention.
So why is Facebook doing this? Well, it has to do with a little something we call privacy. The problem is that a customer’s Facebook userid used to be passed in the URL (as part of a GET) so that the application could know which user a request was coming from. The problem is that subsequent calls would retain this userid in the HTTP Referrer header, and possibly allow third parties to get access to it. Privacy advocates rightfully have a problem with this, so Facebook looked for ways to fix the problem.
The solution to the problem is not to use a GET but rather a POST and pass the customer’s userid as a POST parameter. If all access happens over a secure channel (like Facebook now allows us to do) there’s no fear of exposing userids to third parties. Good solution, except for the fact that if your application expects a GET and receives a POST instead, you’re hosed.
So what to do if you have an IFrame application? Well, test it before Saturday comes lest things break. To do this, you must go into your application’s settings and enable the POST for Canvas selection.
Once this is done, Facebook will provide different HTML to the client’s browser so that your application is accessed through POST instead of GET. Be very careful though if your application is already live. If your application is broken by this change, then selecting this will effectively knock your app off of Facebook. So to be safe, register a test application and use that instead.
More technical information about this change can be found here. Facebook offers some simple solutions for how to do this migration on popular development platforms. There’s also some feedback from developers who’ve experienced some problems, so it’s a good place to start if you find problems yourself.
* Yeah, technically this happens on March 13, but better do it before you forget.
** We loves us some Agent 99 so much we won’t give away her age.