HTTPS support - Error Embedding


(Steve) #1

Hi,
I have been testing implementing HTTPS for a production site that uses Discourse for comments.
Comments show up on http://sitename.tld, but not on https:// sitename.tld. The URL for our Discourse site is https:// discussion.sitename.tld; the Discourse site has already been working with HTTPS for a while now.

I did some digging and found that we’re linking to a JavaScript file over HTTP, at http://discussion.sitename.tld/javascripts/embed.js. When I change our configuration like below, I see an “Error Embedding” message upon viewing https://sitename.tld.

  var discourseUrl = "https:// discussion.sitename.tld/",
      discourseEmbedUrl = "<?php print 'https:// sitename.tld/node/'.$node->nid; ?>";

  (function() {
    var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
      d.src = discourseUrl + 'javascripts/embed.js';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
  })();

The one time I did get this semi-working was from changing the d.src variable to be a direct link, like so:
d.src = 'https:// discussion.sitename.tld/javascripts/embed.js';

I also changed a few settings in Discourse under Security, by adding https://sitename.tld to the list of CORS I believe. I added https://sitename.tld to the list on Customizations->Embedding as well. This resulted in multiple new topic creations on discussion.sitename.tld; instead of using already-created topics that were made over HTTP connection to the site, it created new topics for each of the pages and flooded our forum for a bit… :frowning:

Is there a better way I can set this up so the comments show up on our site from HTTPS, but also don’t create duplicate topics based on which way you access the page?


(Jay Pfaffman) #2

I think that what you want to do is to make both sites https only. On Discourse you can turn on the force https site setting.


(Steve) #3

I’ll try that out, thank you!
In my cors origins settings, I have http://sitename.tld listed. Do you know if I might run into the duplicate creation issue again if I set this to https://sitename.tld?

Either way, I’ll take a look and see if forcing HTTPS will fix this. Thanks!


(Jay Pfaffman) #4

I don’t know. I do think that you want just one of http or https and that the better one is https.


(Steve) #5

I’ve got it working now – thanks so much!
I changed only the first link to HTTPS in the Discourse code block. Since this site is transitioning from HTTP to HTTPS, all previously created topics had a discourseEmbedUrl of http:// sitename.tld/node/blablabla. Changing that to https made the topics appear to be recreated. So I ended up changing only the discourseUrl to HTTPS, and leaving the discourseEmbedUrl in HTTP to preserve previous topics.

Thank you again! I hope this is helpful for anyone facing a similar transition :slight_smile: