I said in that blog post that I would try to switch on HTTPS support for Disqus, but then I looked at the template code for the Disqus widget. What I found is that the Disqus widget uses code to create the disqus_thread div element, and it injects the embed under that div element. The problem lies that:
- The blogger_item.js file does not load over HTTPS at all, so it eliminates the possibility of HTTPS in the first place
- The actual embed script is inside of that blogger_item.js file, so I can't modify it to change http:// to https://.
Ok, here is some images I took. If you want to replicate the results, here is what what you do:
- Open up a browser tab or window
- Type in https://, then your site's shortname. In this case, look at my URL.
- After typing in the HTTPS part, finish the URL as follows: https://techmansworld.disqus.com/blogger_item.js
Regardless of any forum shortname that you use, all of it will redirect to one file on Disqus' CDN. Refer to picture below.
This is what the actual JS file contains in terms of code. The Disqus embed code is highlighted, and I hope you can see the issue.
So, I am going to pass this as well to the Disqus team to look into while they are still testing Disqus 2012 HTTPS support
Now for clarification, it does not matter if you have Disqus Classic or Disqus 2012 enabled, because the code in the widget stays the same. What really changes is that your embed.js file redirects to either a classic theme, or the Disqus next (2012) theme. And either way, you can't modify the blogger_item.js file.
Possible Temporary Solutions
My solution is the following. If you agree, or if I have something wrong, please let me know in the comments below. I have no idea if the code will override the default disqus call in the blogger widget, but I'll try anyways.
dsq.src = 'https://'+disqus_shortname+'.disqus.com/embed.js