Opened 7 years ago

Closed 7 years ago

#5496 closed defect (fixed)

HTTPS Everywhere breaks Disqus commenting

Reported by: cypherpunks Owned by: pde
Priority: Medium Milestone:
Component: HTTPS Everywhere/EFF-HTTPS Everywhere Version:
Severity: Keywords:
Cc: MB, skrubaduba@… Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

When HTTPS Everywhere is enabled commenting on sites that use the Disqus commenting service is not possible, due to the submit button not loading. This problem also occurs on the Disqus blog, for instance at http://blog.disqus.com/post/19805413105/introducing-orbital

The JavaScript console shows the following error message:


Unable to post message to http://mediacdn.disqus.com. Recipient has origin https://securecdn.disqus.com.


Child Tickets

TicketStatusOwnerSummaryComponent
#6054closedpdehttps-everywhere prevents disqus threads from loading even when disabledHTTPS Everywhere/EFF-HTTPS Everywhere

Change History (13)

comment:1 Changed 7 years ago by cypherpunks

Disqus private beta is affected by this issue as well. Chrome 19.0.1084.1 dev on Ubuntu Linux

Here are c&p of errors in console with stacktraces expanded

Unable to post message to http://disqus.com. Recipient has origin https://disqus.com.
 embed.js:43
d.sendMessage embed.js:43
f embed.js:51
trigger embed.js:46
d embed.js:18
DISQUS.trigger.target embed.js:18
Unable to post message to http://disqus.com. Recipient has origin https://disqus.com.
 embed.js:43
d.sendMessage embed.js:43
f embed.js:51
trigger embed.js:46
d embed.js:41
DISQUS.trigger.target embed.js:41
Unable to post message to http://disqus.com. Recipient has origin https://disqus.com.
 embed.js:43
d.sendMessage embed.js:43
f embed.js:51
trigger embed.js:46
d embed.js:18
(anonymous function) embed.js:18
Unable to post message to http://disqus.com. Recipient has origin https://disqus.com.
 embed.js:43
d.sendMessage embed.js:43
f embed.js:51
trigger embed.js:46
d embed.js:41
(anonymous function) embed.js:41

comment:2 Changed 7 years ago by pde

This should reportedly be fixed by Negres's recent changes in git master.

comment:3 Changed 7 years ago by pde

Resolution: fixed
Status: newclosed

Which will be released as 3.0development.2; this bug was not in 2.0.1.  Closing for now.

comment:4 Changed 7 years ago by cypherpunks

@pde: when fix will be available for Chrome extension?

comment:5 Changed 7 years ago by pde

Cc: MB skrubaduba@… added
Resolution: fixed
Status: closedreopened

Janne Maekelae sent another report of the Disqus rulesets breaking comments in 3.0development.2, so reopening this :(

Here: https://torrentfreak.com/bittorrent-to-rebrand-itself-as-gyre-120505/

comment:6 Changed 7 years ago by pde

Janne, I was able to post a Disqus comment on that page using 3.0development.2.  Can you reproduce this problem in a clean browser profile with a fresh install of HTTPS Everywhere and no other extensions?

comment:7 Changed 7 years ago by gh1234

torrentfreak.com works great for me, too.
But I have issues with

http://www.omgubuntu.co.uk/2012/05/ea-games-arrive-in-the-ubuntu-software-center/

While HTTPS Everywhere is enabled I do not even see the comments below the article.
The devtools show the following error:

Unable to post message to http://disqus.com. Recipient has origin https://disqus.com.
a.sendMessage   securecdn.disqus.com/1336587756/build/next/embed.js:20
f               securecdn.disqus.com/1336587756/build/next/embed.js:28
trigger         securecdn.disqus.com/1336587756/build/next/embed.js:23
DISQUS.trigger.target

comment:8 Changed 7 years ago by pde

I agree that 3.0development.4 is broken on that page.

comment:9 Changed 7 years ago by pde

(by which I mean, git master)

comment:10 Changed 7 years ago by pde

I've disabled the Disqus ruleset in both the 2.0 and master git branches, which means this should be worked-around in the next releases. However, it would be quite a pity that if can't figure out a reliable way to secure all of these conversations.

To that end I've also contacted Disqus to see if any of their developers can take a look at the ruleset...

comment:11 Changed 7 years ago by pde

Disqus tech support wrote back to say:

Thanks for bringing this to our attention. I've forwarded this email to our developers and we're already having some conversations (and have a few related internal tickets) that should help resolve this. There shouldn't be any changes you'll need to make to the plugin itself, we'll work on this on our end.

Regarding timeline, we're currently heads-down on getting Disqus 2012 out the door so this likely won't be completed in the immediate near-term but we are
looking to turn our sights on issues like this post-D12 launch.

comment:12 Changed 7 years ago by pde

I will proceeed with disabling the Disqus ruleset unless and until we here back from them that things are more consistently safe on the server side.

comment:13 Changed 7 years ago by pde

Resolution: fixed
Status: reopenedclosed

This should really and truly be fixed in today's stable and dev releases.

Note: See TracTickets for help on using tickets.