Facebook HTTPS requirement for apps

Facebook. I completely understand that you want more security for all the applications. You want it, we want it, everyone is on the same page.

But unfortunately, your latest “security update” just really doesn’t seem to make any sense whatsoever.

I truly do understand and agree that HTTPS should be enforced for production apps. No traffic should go to a server without encryption, especially when it comes to apps that handle user data.

But for people that want to just test some things out locally, we tend to use localhost and play with the debugger and we just want it to work. There’s no private user data being passed through, we completely understand it’s our data and some of us might just be fine with that data going through unencrypted for testing purposes. Possibly even a test facebook account, which matters even less.

But for Apps that are currently “In Development” status or that are “Test App”, shouldn’t be enforced with these limitations and even have the buttons but disabled.

Instead display a big red warning that these should be enabled and are “Strongly recommended” as you say, but have the option to disable them temporarily. Even turn it back on automatically after 1 hour? 8 hours? 24 hours?

It should be a developer choice, as developers choose to use something because it’s comfortable or accommodating, once those “accommodations” start being restricted from the get go for even “testing” apps, developers might go somewhere else because of frustration or lack of documentation of why something is just disabled while the documentation says it can be toggled on and off.