Use HTTPS for Disqus requests #372
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…/universalcode/ - '//' instead of 'http://' or 'https://'
|
Protocol-relative URLs are an anti-pattern. Do some searching around and you will see links that explain why.
|
|
@justinmayer Thanks for the comment. Will do some reading. However, that's the official Disqus recommendation, and leaving the current http prefix is clearly wrong. |
|
As I mentioned before, using https everywhere, regardless of how the site itself is served.
|
|
I should add that I believe their official recommendation is just plain wrong. Why not call a resource via HTTPS if it's available via HTTPS?
|
|
See note at top: http://www.paulirish.com/2010/the-protocol-relative-url/
|
|
Sure, I read that one. So, should I make another PR with https everywhere? |
|
I suggest using this existing PR, squashing your commits once you're done.
|
|
Done. |
|
Excellent. Many thanks, Adam! |
justinmayer
added a commit
that referenced
this pull request
Feb 20, 2016
Use HTTPS for Disqus requests
|
@justinmayer Sure thing - thanks for accepting. While on the same page, what's your opinion about #373? If built correctly, it can ease not only Disqus, but also for other boilerplate code like Google Analytics. |
masayukig
added a commit
to masayukig/pelican-themes
that referenced
this pull request
Mar 6, 2016
This reverts commit 60114c8. That was an intended change by getpelican#372 . getpelican#372
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The problem
Disqus does not load from
https://sites under thegumtheme (and almost any other). This happens because the Disqus URL prefix ishttp://, and insecure content will not be loaded from a secure site.The solution
Disqus documentation
According to the official Disqus documentation, the embed code source should use Protocol-relative URL:
While themes use:
Where
XXXXXis the Disqus site name, denoted{{ DISQUS_SITENAME }}in Pelican.My solution
I've converted both
http://andhttps://prefixes to the https, which will only work. Following comments on this thread, I decided to avoid Protocol-Relative URLs and just go secure in every call.See further discussion here: getpelican/pelican#1911