You may have heard the buzz a little while back about how Facebook now allows users to select “HTTPS-Only” mode which forced Facebook to run over SSL. This is good news for users, but has a pretty big impact on developers, some of which I mentioned here.
We knew that users would see a warning if they try to access your non-SSL canvas app and they’re in HTTPS-Only mode, but something some of you may not have realized is that non-SSL fan page tabs will not display at all. Users won’t get a warning that the tab they’re about to view is non-SSL – they won’t even see the tab in the list of navigation options. If they try to access it directly via link, they will be redirected back to the fan page’s wall.
This appears to be intentional behavior, not a bug, although it was only glossed over very quickly in a Developer Blog post
“Please take some time to add a “Secure Tab URL” as if you have not, we will not be able to show your tab to users browsing Facebook over HTTPS.”
So if you’re being more secure and browsing in HTTPS-Only mode and can’t figure out why a bunch of your tabs are missing, that’s why. What this ultimately means is that every developer should account for the extra time and cost involved in getting an SSL certificate for fan page tabs as well as proper canvas apps.