令人惊讶的是，我一个小时前才开始尝试做同样的事情，但一直遇到同样的问题.如果您进入 FB 开发者门户并转到 Facebook 登录 下的设置，则有一个选项可以强制使用 HTTPS.

Amazingly I just started trying to do the same thing like an hour ago and have been having the same issue. If you go into the FB developer portal and go to Settings under Facebook Login there's an option to Enforce HTTPS.

进一步调查显示:

强制 HTTPS.此设置需要 HTTPS 用于 OAuth 重定向和使用 JavaScript SDK 获取访问令牌的页面.截至 2018 年 3 月创建的所有新应用程序都默认启用此设置，您应该计划迁移任何现有应用程序以仅使用HTTPS URLs 到 2019 年 3 月.大多数主要的云应用程序主机为您的应用程序提供免费和自动的 TLS 证书配置.如果您自托管您的应用程序或您的托管服务默认不提供 HTTPS，您可以为您的应用程序获取免费证书来自 Let's Encrypt 的域."

"Enforce HTTPS. This setting requires HTTPS for OAuth Redirects and pages getting access tokens with the JavaScript SDK. All new apps created as of March 2018 have this setting on by default and you should plan to migrate any existing apps to use only HTTPS URLs by March 2019. Most major cloud application hosts provide free and automatic configuration of TLS certificates for your applications. If you self-host your app or your hosting service doesn't offer HTTPS by default, you can obtain a free certificate for your domain(s) from Let's Encrypt."

参考:登录安全