I have a v11 CE site running at https://mydomain.com with a valid SSL certificate from LE. When I click the link to "Log in with Facebook" I get the dreaded "Insecure Login Blocked: You can't get an access token or log in to this app from an insecure page. Try re-loading the page as https://" error. But then I noticed that the URL generated by Odoo for this link does not have https, only http. The web.base.url parameter for the site is https, but I had to freeze it by creating the web.base.url.freeze parameter with value set to True. This is the link that Odoo is generating:
https://www.facebook.com/dialog/oauth?redirect_uri=http%3A%2F%2Fmydomain.com%2Fauth_oauth%2Fsignin&scope=public_profile%2Cemail&response_type=token&client_id=705266863150553&state={%22r%22%3A+%22http%253A%252F%252Fmydomain.com%252Fweb%22%2C+%22p%22%3A+2%2C+%22d%22%3A+%22db_demo%22}
If I replace the two instances of http with https, the Facebook login works..
Why isn't Odoo generating this link with what is found in the web.base.url parameter? What's the best way to fix this?