In October, Facebook will start requiring that all apps and websites using Facebook Login to use HTTPS. In preparation for that, Facebook has added a new “Enforce HTTPS” setting for its Facebook Login.
Using HTTPS protects the information which is transmitted and helps protect users’ security. Facebook has required that all new apps created since March 2018 use HTTPS, but older apps and websites will have until October 6, 2018, to opt in. After that, it will be automatically enabled. Essentially, the option gives developers some time to switch and test all their systems.
Facebook Software Engineer Brad Hill notes that “you may have received a developer alert telling you that we’ve already enabled this setting for your app — if you don’t currently use Web OAuth flows, already use only HTTPS URIs, or if all your redirect domains send or preload HTTP Strict Transport Security instructions.”