tl;dr: If I set the discourseUrl field when I embed comments, does Discourse read that when it parses the page, or only as part of the request to parse the page?
Hey there!
I use Discourse as a forum and to embed comments on my posts at HappyCoding.io.
- Here’s an example page with embedded comments: Isometric Cubes - Happy Coding
- And the corresponding Discourse post: Isometric Cubes - Examples - Happy Coding
Over the past few weeks, I’ve been moving some pages on my main site around, from an /examples directory to a /tutorials directory. I’ve set up redirects on the main page so the old links still work, and in order to not generate a bunch of new embedded Discourse posts, I’ve made sure the embed code in the existing pages uses the old URL as the discourseEmbedUrl.
That has mostly worked fine, except now, a few weeks later, I’m starting to see random new posts on my Discourse, seemingly generated from the new URLs for my pages. So even though there’s an existing Discourse post for https://happycoding.io/tutorials/p5js/creating-classes/isometric-cubes that uses the old URL https://happycoding.io/examples/p5js/creating-classes/isometric-cubes, I’m seeing a new post for https://happycoding.io/tutorials/p5js/creating-classes/isometric-cubes that uses only the new URL.
I think this is happening because somebody else (not me) is running a local version of my site that doesn’t pass the old URL in as the discourseEmbedUrl. I’m not sure if this is malicious, as there was a few hours (between this commit and this commit) where my code was doing the wrong thing. It does feel weird that somebody would be running exactly the wrong version of the code, but it’s the only thing I can think of that would generate these Discourse posts.
Sorry for all the background, but my questions are:
- First off, does that sound right so far? I think I understand how Discourse embeds work, but I could be missing something.
- If I set the
discourseUrlas described at Embed Discourse comments on another website via Javascript, will Discourse only know about that URL as part of the request, or does it read it from the page when it parses it? (I’m asking because setting it on my site won’t help, because the requests are coming from somebody else.) - Is there any other approach I might take to prevent other users from sending requests to my Discourse instance and causing it to create posts for the wrong URLs? I’ve already made embedded posts unlisted, which helps, but I’d like to not have to approve a Discourse post every time I add a page to my website.
Sorry this got longer than I planned, and thank you for any help y’all can offer!