Sunday, February 17, 2013

Disqus now linking uploaded images to their CDN over HTTPS

As Disqus is moving to add HTTPS support in the latest version of Disqus, Disqus 2012, bits and pieces of the embed are already getting HTTPS support tacked on, even by default. Today I just discovered that newly uploaded images are now hosted on their CDN, with a HTTPS connection.

I know, it sounds a bit complicated, but basically I've figured out that Disqus has one main CDN, and depending on how you format the URL you can grab resources through a normal connection or through an encrypted socket.

The URL scheme basically works like this:

Normal: http://mediacdn.disqus.com/path/to/resources
HTTPS: https://securecdn.disqus.com/path/to/resources

Not that much of a difference, but a neat trick if you wish to go the extra length to get resources over an encrypted connection. The whole point of this article was to show that newly uploaded images are linked to their source (on Disqus) with a HTTPS address instead of the old, normal one.

Disqus has already added HTTPS support for Disqus 2012, but they don't quite "guarantee" full support. You can test out HTTPS support by modifying the URL of the script that is used to load the embed.
http://(shortname).disqus.com/embed.js --> https://(shortname).disqus.com/embed.js

The only things I haven't been able to load over HTTPS is the actual Blogger integration, which is blogger_item.js. It won't load over HTTPS using the shortname.disqus.com/(..) method, but you can change the URL from mediacdn to securecdn to get the script directly over HTTPS, but make sure that you make sure the prefix is HTTPS as well. I've notified Disqus about this a while back but they haven't fixed it yet, and have no intentions to until they are officially ready to support HTTPS loading.

If you have a test website, go ahead and try out what I'm talking about if you wish.