
Facebook login error in CodeIgniter: help with the "Insecure Login Blocked" problem

Fixing "Insecure Login Blocked" for Facebook Login in CodeIgniter (facebook-sdk-codeigniter)

Hey there, let's break down how to fix this frustrating Facebook login error. The message "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page." is Facebook's security guard telling you that your login flow is running over unencrypted HTTP instead of the required HTTPS. Facebook enforces HTTPS for all OAuth flows to protect user data.

Here's what you need to do to resolve this:

1. Switch your site to HTTPS

  • Local development: If you're testing locally, you have a few options:
    • Enable HTTPS in your local server (WAMP/XAMPP/MAMP have built-in settings to turn on SSL with self-signed certificates)
    • Use a tool like ngrok to create a temporary HTTPS tunnel to your local server (this gives you a public HTTPS URL that Facebook can validate)
  • Production environment: Install a valid SSL certificate (services like Let's Encrypt offer free, trusted certificates) and configure your web server (Apache/Nginx) to serve all traffic over HTTPS.

2. Update your CodeIgniter Facebook configuration

Open your Facebook config file (usually application/config/facebook.php) and make these changes:

  • Replace relative paths or HTTP URLs in $config['facebook_login_redirect_url'] and $config['facebook_logout_redirect_url'] with full HTTPS URLs. For example:
    $config['facebook_login_redirect_url'] = 'https://yourdomain.com/facebook_login';
    $config['facebook_logout_redirect_url'] = 'https://yourdomain.com/logout';
    
  • Double-check that your Facebook App's Valid OAuth Redirect URIs (found in the Facebook Developer Dashboard under Products > Login > Settings) include the exact HTTPS version of your redirect URL. Facebook will block any redirect that doesn't match this list.

3. Verify the SDK's URL generation (for older library versions)

If you're using an older version of the facebook-sdk-codeigniter library, it might be hardcoding HTTP in the authorization URL. Check the main library file (typically application/libraries/Facebook.php) to ensure it's generating HTTPS-based OAuth URLs. Look for any instances of http://graph.facebook.com and replace them with https://graph.facebook.com if needed.

Quick Troubleshooting Tip

After making these changes, clear your browser's cache and cookies—old HTTP session data can sometimes linger and cause unexpected issues even after switching to HTTPS.
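
The checks from steps 2 and 3, as an added shell example that is not part of the original answer or of the facebook-sdk-codeigniter library. It assumes the usual layout named above (config/facebook.php inside the application directory, PHP sources beneath it), generalises the http://graph.facebook.com search to any facebook.com host, and uses finding labels made up for this example.

```shell
#!/bin/sh
# Added example: audit a CodeIgniter application directory for the
# plain-HTTP leftovers described in steps 2 and 3 above.
# Assumed layout: <app>/config/facebook.php plus PHP sources under <app>.

# Prints one finding per line. Returns 0 when clean, 1 when anything is found.
audit_fb_https() {
    app_dir=$1
    cfg="$app_dir/config/facebook.php"
    findings=$(
        if [ -f "$cfg" ]; then
            # Step 2: both redirect settings must be literal https:// URLs.
            # Relative paths and http:// values are reported alike.
            grep -HnE "facebook_(login|logout)_redirect_url['\"]\][[:space:]]*=" "$cfg" \
                | grep -vE "=[[:space:]]*['\"]https://" \
                | sed 's/^/REDIRECT-NOT-HTTPS /'
        else
            echo "CONFIG-MISSING $cfg"
        fi
        # Step 3: hardcoded http:// links to any facebook.com host
        # (generalises the http://graph.facebook.com check).
        find "$app_dir" -type f -name '*.php' \
            -exec grep -HnE "http://([A-Za-z0-9-]+\.)*facebook\.com" {} + \
            | sed 's/^/HTTP-ENDPOINT /'
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against the directory given on the command line, if any.
if [ -n "${1:-}" ]; then
    audit_fb_https "$1"
fi
```

Each finding carries the file path and line number from grep. A redirect URL assembled at runtime (for example with base_url()) is reported too, which is the cue to confirm that the base URL itself is HTTPS.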

The question comes from Stack Exchange; asked by kamal raj
