Hi,
I have been testing implementing HTTPS for a production site that uses Discourse for comments.
Comments show up on http://sitename.tld
, but not on https:// sitename.tld
. The URL for our Discourse site is https:// discussion.sitename.tld
; the Discourse site has already been working with HTTPS for a while now.
I did some digging and found that we’re linking to a JavaScript file over HTTP, at http://discussion.sitename.tld/javascripts/embed.js
. When I change our configuration like below, I see an “Error Embedding” message upon viewing https://sitename.tld.
var discourseUrl = "https:// discussion.sitename.tld/",
discourseEmbedUrl = "<?php print 'https:// sitename.tld/node/'.$node->nid; ?>";
(function() {
var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
d.src = discourseUrl + 'javascripts/embed.js';
(document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);
})();
The one time I did get this semi-working was from changing the d.src variable to be a direct link, like so:
d.src = 'https:// discussion.sitename.tld/javascripts/embed.js';
I also changed a few settings in Discourse under Security, by adding https://sitename.tld
to the list of CORS I believe. I added https://sitename.tld
to the list on Customizations->Embedding as well. This resulted in multiple new topic creations on discussion.sitename.tld; instead of using already-created topics that were made over HTTP connection to the site, it created new topics for each of the pages and flooded our forum for a bit…
Is there a better way I can set this up so the comments show up on our site from HTTPS, but also don’t create duplicate topics based on which way you access the page?