SSL Warning on Magento with Facebook Like

Aug 18, 2011

How to: MagentoThe standard Facebook like button uses HTTP as the protocol for loading the Facebook JavaScript. This means you may receive SSL warnings to do with insecure items being on the page when viewing the SSL parts of your Magento site such as the checkout and the user account pages.

To solve this problem you simply need to include the Facebook script using HTTPS – since Facebook also support the SSL version. So your code would look like this…

<script src="https://connect.facebook.net/en_US/all.js#xfbml=1"></script>
<fb:like href="/" send="false" layout="button_count" width="100" show_faces="false" font="">
</fb:like>

This does mean that your http Magento pages are including the facebook like using SSL – not a major problem but a little untidy. It would be simple enough to work out the current protocol http/https and dynamically add that in place of the https in the example above.

First we need to establish of we are using HTTPS or not. I have seen several examples online that use the $_SERVER[“SERVER_PROTOCOL”] variable but I didn’t have any success with that as this seemed to return me HTTP/1.0 regardless of whether I was using HTTP or HTTPS. I found that on Apache at least $_SERVER[‘HTTPS’] correctly gave me the required protocol. So the code below worked for me…

<?php
if (strtolower($_SERVER['HTTPS']) == "on") {
    $protocol =  'https';
} else {
    $protocol =  'http';
}
?>
<script src="<?php echo $protocol; ?>://connect.facebook.net/en_US/all.js#xfbml=1"></script>
<fb:like href="/" send="false" layout="button_count" width="100" show_faces="false" font="">
</fb:like>