HTTPS support - Error Embedding

I have been testing implementing HTTPS for a production site that uses Discourse for comments.
Comments show up on http://sitename.tld, but not on https:// sitename.tld. The URL for our Discourse site is https:// discussion.sitename.tld; the Discourse site has already been working with HTTPS for a while now.

I did some digging and found that we’re linking to a JavaScript file over HTTP, at http://discussion.sitename.tld/javascripts/embed.js. When I change our configuration like below, I see an “Error Embedding” message upon viewing https://sitename.tld.

  var discourseUrl = "https:// discussion.sitename.tld/",
      discourseEmbedUrl = "<?php print 'https:// sitename.tld/node/'.$node->nid; ?>";

  (function() {
    var d = document.createElement('script'); d.type = 'text/javascript'; d.async = true;
      d.src = discourseUrl + 'javascripts/embed.js';
    (document.getElementsByTagName('head')[0] || document.getElementsByTagName('body')[0]).appendChild(d);

The one time I did get this semi-working was from changing the d.src variable to be a direct link, like so:
d.src = 'https:// discussion.sitename.tld/javascripts/embed.js';

I also changed a few settings in Discourse under Security, by adding https://sitename.tld to the list of CORS I believe. I added https://sitename.tld to the list on Customizations->Embedding as well. This resulted in multiple new topic creations on discussion.sitename.tld; instead of using already-created topics that were made over HTTP connection to the site, it created new topics for each of the pages and flooded our forum for a bit… :frowning:

Is there a better way I can set this up so the comments show up on our site from HTTPS, but also don’t create duplicate topics based on which way you access the page?

I think that what you want to do is to make both sites https only. On Discourse you can turn on the force https site setting.


I’ll try that out, thank you!
In my cors origins settings, I have http://sitename.tld listed. Do you know if I might run into the duplicate creation issue again if I set this to https://sitename.tld?

Either way, I’ll take a look and see if forcing HTTPS will fix this. Thanks!

1 Like

I don’t know. I do think that you want just one of http or https and that the better one is https.

I’ve got it working now – thanks so much!
I changed only the first link to HTTPS in the Discourse code block. Since this site is transitioning from HTTP to HTTPS, all previously created topics had a discourseEmbedUrl of http:// sitename.tld/node/blablabla. Changing that to https made the topics appear to be recreated. So I ended up changing only the discourseUrl to HTTPS, and leaving the discourseEmbedUrl in HTTP to preserve previous topics.

Thank you again! I hope this is helpful for anyone facing a similar transition :slight_smile: