Duplicate http/https topics are randomly created

Hi there,
I recently transitioned my site from HTTP to HTTPS; all Discourse threads link to their original posts at http://sitename.com/posts/[post number], and with redirects in place it still works great for browsers.

However, we’re seeing some duplicate threads show up somewhat randomly, with original posts linking back to HTTPS links for posts on the homepage. As an example, for a thread created in ~2014 originating from http://sitename.com/posts/243, there’s now a new thread with no replies created, linking back to https://sitename.com/posts/243. I had written the discourseEmbedUrl as http://sitename.com to avoid the system mistakenly creating duplicate threads, but it still seems to do it randomly.

The code I’m using on the template page is here (with substitutions made):

      <script type="text/javascript">
        var discourseUrl = "https://discussion.sitename.com/",
            discourseEmbedUrl = "<?php print 'http://sitename.com/posts/'.$post->postId; ?>";

        (function() {
          var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
            d.src = discourseUrl + 'javascripts/embed.js';
          (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
        })();
      </script>

The variables discourseUrl and discourseEmbedUrl differ in HTTP/HTTPS approach because I did not want Discourse to view a post as “new” and re-create it, because of simply being accessed over HTTPS instead of over HTTP. Since browsers get redirected from HTTP to HTTPS, it’s worked thus far except for having random duplicates.

Has anyone else had this issue before? I had thought specifying http://sitename.com instead of https://sitename.com would be clear enough to avoid this issue so Discourse would see there is already a thread created for the post in question, but something seems to be going wrong still.

Is there a different approach I should take so that there aren’t random duplicate threads created?

Are you sure you have force HTTPS set in your site settings on the target Discourse? That is absolutely required.

Hi Jeff,
I just double-checked, and verified we do have force HTTPS enabled in the site settings of Discourse. The only portion to my knowledge that we’ve specified HTTP only and not HTTPS is in discourseEmbedUrl, so we wouldn’t have every post re-created as HTTPS after the transition…

Do you know if it would have anything to do with CORS origins? We have those set to https://sitename.com instead of http://sitename.com, but I didn’t think that would make the random duplicate posts appear…

@techapj can you take a look here? From the purposes of the embedder, be sure that we consider http and https versions of the same link as identical, and prefer https – particularly if force https is on.

1 Like

Fixed via:

https://github.com/discourse/discourse/commit/9030d3ef6316431da2e070d1449acb90da57c4b8

3 Likes

Make sure that the canonical URL you’re providing to the embed script always uses HTTPS, and doesn’t vary by e.g. query string parameters, port number, aliased domain names, etc.

If some of your embeds are HTTP and some are HTTPS, it’ll be a crapshoot which one gets linked to from Discourse.

If you wanted, you could even add ?utm_medium=discourse after removing existing source tracking :slight_smile:

4 Likes