Hello!

I'm looking for a solution for how to isolate a widget included by a partial into the main site. The issue appears when a user accesses the site over https. IE 6 and 7 show a security confirmation dialog (part of the website's resources are not in the secure zone). First of all, I downloaded the Twitter widget to our side; I also downloaded all the CSS and pictures. Then I patched the widget JS to point to the downloaded resources. But I still have no luck with the security warning :( I guess the reason for this issue is the AJAX request to Twitter, but I have no idea how to solve it. (Just to create some kind of proxy on our side.)

Thank you for your attention.

+1  A: 

You can use a sniffer like HttpWatch to debug this--watch the requests going by and see which ones start with http instead of https. It may be possible to just change the urls you use to point to https://twitter.com, not sure about how your widget works.

Annie
Switching to https://twitter.com should work. You can't mix http and https in IE without the warning.
MattMcKnight
I tried to modify the AJAX request URL from HTTP to HTTPS, but it seems that Twitter doesn't support HTTPS requests :(
AB
Are you sure? The links above to https://twitter.com work for me.
Annie
I see, but I mean AJAX request to: http://twitter.com/statuses/user_timeline.json
AB
+1  A: 

I got the Twitter Widget to work over HTTPS (SSL) by doing the following:

  1. Saved every image, CSS, and JavaScript file on my local webserver

  2. Changed every "http" to "https" in the JavaScript AND in the CSS

  3. The last piece was tricky. https://twitter.com/statuses/user_timeline.json brings back data that already includes "http"; namely avatars and the profile image. So, I found about four places in widget.js that used the user_timeline.json data. I hardcoded an image URL wherever that "http" data was used. Searching for "src" will locate all of those places.

It's an ugly fix, but it worked.

Keshar
Could you post (or give a link to) your version of widget.js? Because I tried the same without a positive result.
AB
http://www.parking.iupui.edu/js/widget.js Search "park" and "https" to find all of my edits. I found all of the "http" sources by using the Resources tab in Google Chrome's developer tools. Look for any http://. Sniffing the network would also work. You may be using more items from user_timeline.json than I was. If so, you'll have more items in widget.js to edit.
Keshar
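Step 3 of the answer above, as an added example that is not Keshar's widget.js or Twitter's code: rather than hardcoding at each `src` site, the timeline data is cleaned once before rendering, and a helper lists any `http://` references left in a JS or CSS file. The function names, fallback URL, key-matching rule and sample data are assumptions constructed for illustration.

```javascript
// Added example. FALLBACK_AVATAR is a hypothetical image served from your own HTTPS origin.
const FALLBACK_AVATAR = "https://www.example.com/img/avatar.png";

// List every distinct insecure (http://) URL in a text resource (JS, CSS or HTML).
function findInsecureUrls(text) {
  const matches = text.match(/http:\/\/[^\s"'()<>\\]+/gi) || [];
  return [...new Set(matches)];
}

// Walk parsed timeline JSON and swap insecure image URLs for the local fallback,
// so no http:// value ever reaches an <img src>. Keys that look like image fields
// are matched by name (assumption); links inside tweet text are left alone because
// a link is not a loaded resource and does not trigger the mixed-content warning.
function sanitizeTimeline(node, isImageKey = (k) => /image|avatar/i.test(k)) {
  if (Array.isArray(node)) return node.map((n) => sanitizeTimeline(n, isImageKey));
  if (node === null || typeof node !== "object") return node;
  const out = {};
  for (const [key, value] of Object.entries(node)) {
    if (typeof value === "string" && isImageKey(key) && /^http:\/\//i.test(value)) {
      out[key] = FALLBACK_AVATAR;
    } else {
      out[key] = sanitizeTimeline(value, isImageKey);
    }
  }
  return out;
}

// Constructed sample data (not a real API response or stylesheet).
const sampleTimeline = [
  { text: "see http://example.org/page",
    user: { screen_name: "demo", profile_image_url: "http://img.example.net/a.png" } },
  { text: "second post",
    user: { screen_name: "demo", profile_image_url: "https://img.example.net/b.png" } },
];
const sampleCss = ".twtr-hd { background: url(http://widgets.example.net/bg.png); }";

const cleanedTimeline = sanitizeTimeline(sampleTimeline);
console.log(findInsecureUrls(sampleCss));
console.log(cleanedTimeline.map((t) => t.user.profile_image_url));
```
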
A: 

Hi.. I kind of used your fix, but modified it slightly. I don't want to link to https://twitter.com, I just need the images, css and js to be delivered securely, so I selectively re-replaced any href="https references in the widget.js file with href="http

Seems to have worked well, doesn't cause any errors, and my users don't have to wait ten times as long when they click my Twitter profile link because I chose to send them to https twitter

Glass Fiend
A: 

Hi, thanks Keshar, worked for me. I came to the same conclusion that all http requests had to be https to prevent the IE security warning and also display the Twitter feed. I used the Live HTTP Headers Firefox plugin, which helps by showing any non-secure http requests, such as the JSON requests.

Jon