In an article posted today on the Facebook Developer Blog, Facebook announced that they would be offering users the option to switch their Facebook experience to HTTPS-only, which would force all Facebook page loads to be routed over SSL.
In short – you can’t. Or at least not if you want to be PCI compliant. In order to pass a user’s personal information through a secure encrypted channel, you will need to collect that data on an IFRAME application page. No two ways about it. Here’s why:
Hi! I'm snipe. I develop Facebook applications and pages. I hope this site will help you avoid some of common (and uncommon) frustrations that come with Facebook platform development.