I'm trying to get an app working within Facebook, but it seems that no matter what I try including forcing just https in the app settings (see screen shot), the iframe source (Facebooks canvas) seems to change the https address to http (301) which is then producing SEC7111: HTTPS security errors in IE?

(sorry I can't post screen shots or extra links yet:( )

Header dump of page in question:

Request URL:https://[hidden]
Request Method:POST
Status Code:301 Moved Permanently
Request Headers (13)
Form Data (1)
Response Headersview source
Connection:keep-alive
Content-Encoding:gzip
Content-Length:253
Content-Type:text/html; charset=iso-8859-1
Date:Mon, 01 Jul 2013 09:42:32 GMT
Location:http://[hidden]
Server:Apache/2.2.22
Vary:Accept-Encoding

I'm getting so confused by this, and would welcome any help that the community could offer.