Tuesday, September 11, 2012

Disqus 2012 HTTPS support? I think I found a new feature

Well as always, you know that Techman explores anything and everything to see if anything is new. This time, I was looking at Disqus, specifically the help docs.

I had read something on my phone earlier about how real time commenting works in Disqus 2012. Bascially there is a script called event.js that connects and disconnects every 30 seconds. This script calls and sends new comments and other data and inserts it into the embed. Since I was on my phone, I was not able to look further, or at least look as far as I wanted to. Besides, I still had a good 1-2 hours until my phone made it to a charger, and it actually lasts all day, until you start browsing the web heavily and other activities related to this.

So when I came home, I decided to fire up my browser, and go to help.disqus.com to search for the help doc I read earlier. While searching, I came across this, which was Disqus and HTTPS support. They said in the help doc that this feature is not supported in Disqus 2012, but I found that it might already be partially supported.
What I decided to do is load my shortname's embed JavaScript file. Bascially it redirects to a main embed JS on Disqus' content delivery network servers, but it does something (serves a purpose) I shall ask Disqus about that at a later time. Normally, sites across the web use HTTP (normal) pages, but some use HTTPS (secured; encrypted) web pages, and want everything on the page to be secure -- including the comment embed. What I decided to do is load up https://techmansworld.disqus.com/embed.js. To my surprise, the link worked, and it took to me to an embed script hosted on securecdn.disqus.com. In fact, the actual file can be found here.
Now here is where the story can change. You and I already know that the script is encrypted, but what about the corresponding iframe's that have to load, since Disqus 2012 is all embedded in an iframe, or multiple iframes actually. So what I have decided to do is use one of my page's as a test page. I won't tell, but I can say that it is linked on the page bar...

And what do you know...it appears to work. Photo proof below. Click to view larger. I guess I gave away my web page that I used, but ah well. You can't comment anyways, as I closed the embed on that page.
I guess I have beaten Disqus to their own game -- the game of who can announce features faster. Now the feature could still be under testing, and in that case I can see why they haven't announced this.

Either way, somone at the Disqus team has to saying "How on Earth is this guy doing this?" I'll answer it very simply. One, I have a good eye for noticing changes, and two, I just like to dig deeper into stuff, and most of the time new details pop up right in front of me.

As for Techman's World, I will edit the Blogger widget to use HTTPS, because why not have encrypted comments? I would. As far as how good the encryption is, it is 256 bits, meaning that it is very dificult to crack.

Update: Ok, I just wanted to clarify that by encrypted, I meant an encrypted connection between you and the Disqus servers. I did not mean that the actual embed.js file is encrypted, otherwise you would not be able to read it. Still, since your connection is encrypted, your data packets between you and Disqus would be hard to decrypt

Update 2: Ok, you might have a slight issue using HTTPS, at least from what I see. I am seeing the issue in my Firefox, but Chrome and IE load the script ok. So I take back what I said before about Disqus yanking the feature.