Opened 8 years ago
Closed 7 years ago
#5496 closed defect (fixed)
HTTPS Everywhere breaks Disqus commenting
Reported by: | cypherpunks | Owned by: | pde |
---|---|---|---|
Priority: | Medium | Milestone: | |
Component: | HTTPS Everywhere/EFF-HTTPS Everywhere | Version: | |
Severity: | Keywords: | ||
Cc: | MB, skrubaduba@… | Actual Points: | |
Parent ID: | Points: | ||
Reviewer: | Sponsor: |
Description
When HTTPS Everywhere is enabled commenting on sites that use the Disqus commenting service is not possible, due to the submit button not loading. This problem also occurs on the Disqus blog, for instance at http://blog.disqus.com/post/19805413105/introducing-orbital
The JavaScript console shows the following error message:
Unable to post message to http://mediacdn.disqus.com. Recipient has origin https://securecdn.disqus.com.
Child Tickets
Ticket | Status | Owner | Summary | Component |
---|---|---|---|---|
#6054 | closed | pde | https-everywhere prevents disqus threads from loading even when disabled | HTTPS Everywhere/EFF-HTTPS Everywhere |
Change History (13)
comment:1 Changed 8 years ago by
comment:2 Changed 8 years ago by
This should reportedly be fixed by Negres's recent changes in git master.
comment:3 Changed 8 years ago by
Resolution: | → fixed |
---|---|
Status: | new → closed |
Which will be released as 3.0development.2; this bug was not in 2.0.1. Closing for now.
comment:5 Changed 8 years ago by
Cc: | MB skrubaduba@… added |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
Janne Maekelae sent another report of the Disqus rulesets breaking comments in 3.0development.2, so reopening this :(
Here: https://torrentfreak.com/bittorrent-to-rebrand-itself-as-gyre-120505/
comment:6 Changed 8 years ago by
Janne, I was able to post a Disqus comment on that page using 3.0development.2. Can you reproduce this problem in a clean browser profile with a fresh install of HTTPS Everywhere and no other extensions?
comment:7 Changed 8 years ago by
torrentfreak.com works great for me, too.
But I have issues with
http://www.omgubuntu.co.uk/2012/05/ea-games-arrive-in-the-ubuntu-software-center/
While HTTPS Everywhere is enabled I do not even see the comments below the article.
The devtools show the following error:
Unable to post message to http://disqus.com. Recipient has origin https://disqus.com. a.sendMessage securecdn.disqus.com/1336587756/build/next/embed.js:20 f securecdn.disqus.com/1336587756/build/next/embed.js:28 trigger securecdn.disqus.com/1336587756/build/next/embed.js:23 DISQUS.trigger.target
comment:10 Changed 8 years ago by
I've disabled the Disqus ruleset in both the 2.0 and master git branches, which means this should be worked-around in the next releases. However, it would be quite a pity that if can't figure out a reliable way to secure all of these conversations.
To that end I've also contacted Disqus to see if any of their developers can take a look at the ruleset...
comment:11 Changed 8 years ago by
Disqus tech support wrote back to say:
Thanks for bringing this to our attention. I've forwarded this email to our developers and we're already having some conversations (and have a few related internal tickets) that should help resolve this. There shouldn't be any changes you'll need to make to the plugin itself, we'll work on this on our end.
Regarding timeline, we're currently heads-down on getting Disqus 2012 out the door so this likely won't be completed in the immediate near-term but we are
looking to turn our sights on issues like this post-D12 launch.
comment:12 Changed 8 years ago by
I will proceeed with disabling the Disqus ruleset unless and until we here back from them that things are more consistently safe on the server side.
comment:13 Changed 7 years ago by
Resolution: | → fixed |
---|---|
Status: | reopened → closed |
This should really and truly be fixed in today's stable and dev releases.
Disqus private beta is affected by this issue as well. Chrome 19.0.1084.1 dev on Ubuntu Linux
Here are c&p of errors in console with stacktraces expanded