I am the author of the Wordpress plugin, which allows users to log into their blogs with Facebook; it uses the old REST API to introduce the login button. Usually, including the API, it is done through:
<script type="text/javascript" src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php"></script>
However, after Facebook introduced secure connections (Account → Account Settings → Account Security → Safe Browsing), Connect pop-ups split. One user of the plugin indicated that the problem can be fixed by replacing the above:
<script type="text/javascript" src="https://ssl.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php"></script>
Everything works fine in every browser except the recently released IE9, which reports the following two errors (and refuses to initialize the Facebook API):
SEC7111: HTTPS security compromised https://www.facebook.com/extern/login_status.php?api_key=(MY_KEY)&extern=0&channel=(URL_to_my_xd_receiver )
SEC7111: HTTPS security compromised https://api.facebook.com/static/v0.4/client_restserver.php?r=1300118768
Please note that the page on which the Facebook Connect button is located is not https, and the previous two scripts were not included by me - viewing the DOM source page using the IE9 developer tools shows that these two scripts are included in the div "FB_HiddenContainer", which is apparently asynchronously inserted by Facebook when it tries to initialize.
Everything I found on Google regarding SEC7111 relates to https pages that try to enable scripts via http, but my problem is the opposite: the http page, and the scripts (automatically downloaded by Facebook) are https.
Any thoughts would be greatly appreciated, I'm pretty dumb. If you want to play with it yourself, you can do it on my website, http://www.justin-klein.com . You will notice that the "Login with Facebook" button is correctly initialized in all browsers, but IE9.
Metal450
source share