All geek questions in one place

Merging Websites with Twitter Widgets

I am looking for a solution on how to isolate a widget partially included on the main site. The problem occurs when the user accesses the site using https. Those. 6.7 shows a security confirmation dialog (some of the website’s resources are not in a safe zone). First of all, I download the Twitter widget on our side, and also upload all the CSS and images. Then I pinned the JS widget to point to the loaded resources. But still no luck with a security warning :( I think the reason for this problem is the AJAX request for twitter, but there is no idea how to pick it up. (Just to create some kind of proxy on our side).

Thank you for the attention.

+3
source share
5 answers

I got a Twitter widget to work via HTTPS (SSL) by doing the following:

  • Save every image, css and javescript file on my local web server

  • Changed every "http" to "https" in javascript AND in css

  • The last part was difficult. https://twitter.com/statuses/user_timeline.json returns data that already includes "http"; namely avatars and profile picture. So, I found about four places in widjet.js that used user_timeline.json data. I hardcoded the URL of the image where the "http" data was ever used. The search for "src" will be located in all of these places.

This is an ugly fix, but it worked.

+2
source

.js . .

script SSL https://twitter-widgets.s3.amazonaws.com/ http//widgets.twimg.com/ .

, !

geedubb

+4

sniffer, HttpWatch, . , , , http https. , URL-, , https://twitter.com, , .

+1

, . , HTTP- https, IE, Twitter. firehead headers headers, HTTP-, JSON.

+1

script, https. / https://twitter-widgets.s3.amazonaws.com/ HTTP//widgets.twimg.com/ , .

+1

Source: https://habr.com/ru/post/1726385/

More articles:


All Articles