The solution to the problem (at least for me) seem to remove all calls JS FB. canvas
When I am using only the setAutoResize feature, I removed it from my view of a secure application.
I noticed the params passed along with the/connect/canvas_proxy.php? Call while debuggin with violinist. He seems to be a problem I had.
Hope this solution will help others.
Now I am stuck with Iframe scrollbars under SSL.