- Page:
- 1
jTweet destroys SSL HTTPS browser clearance
If you use Zentools please post a review at the Joomla! Extensions Directory.
13 years 3 months ago
Hiho!Thanks for the nice extension module. It's the best twitter one I've
seen so far!
I was just going to be happy with it, I realised visiting my (SSL-)website, that it destroys the
"SSL/HTTPS-is-fine" behavior of my browser. As far as I understand,
jTweet's client side javascript loads content directly and not through
the server, which breaks the website rendering into two parts, the
trusted one (the core page) and the untrusted one (the jTweed module).
Wouldn't it be a better idea, to let a server side PHP script get the
stuff from twitter and send it on browser request, to let the client
see that all seemingly comes from the same server?
Greets
BlueStar88
-
- BlueStar88
- Free Extensions
- 3 posts
- Karma: 0
The administrator has disabled public write access.
13 years 3 months ago
Right, yes I can see how that would be an issue.I am not a coder, so cannot say why the module was coded like that in the first place. Probably with good reasons, though I don't know what they are.
I will ask Anthony about this. Stay tuned....
-
- Seth
- Moderator
- 8358 posts
- 225 Thanks
- Karma: 202
The administrator has disabled public write access.
13 years 3 months ago
Seth wrote:
Right, yes I can see how that would be an issue.[...]
Here an example: lsd.cc
Thanks for reading/caring!
Greets
BlueStar88
-
- BlueStar88
- Free Extensions
- 3 posts
- Karma: 0
The administrator has disabled public write access.
13 years 3 months ago
The tweet module uses the twitter api, server side code and client side code don't quite work that way. I will look at the module and see if I can fix the issue though, it might be as simple as not using the correct type urls.
-
- steph.s
The administrator has disabled public write access.
13 years 3 months ago
steph.s wrote:
The tweet module uses the twitter api, server side code and client side code don't quite work that way. I will look at the module and see if I can fix the issue though, it might be as simple as not using the correct type urls.
Changing URLs would not help I fear, since page rendering from different sources is the problem.
PHP offers commands, to behave like a client (browser requests). Look at
de.php.net/manual/en/book.curl.php
Like this you can do the API query right from the webserver, where Joomla runs. The twitter API would see the requests coming from this webserver, not from the visitors client/webbrowser. Using this way would make the visitors browser happy on SSL/HTTPS connections (no more complaints about partly unsecure connection).
I do the same for my 3rd party apps, using the EVE Online API:
function QueryAPI($POST,$URL) {
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $URL);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HEADER, 0);
curl_setopt($ch, CURLOPT_POSTFIELDS, $POST);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
$buf = curl_exec($ch);
curl_close($ch);
return($buf);
}
// set some POST fields
$POST = array(
'parameter1' => 'value1',
'parameter2' => 'value2'
);
// define action URL
$URL = "http://api.someservice.com/callsomething.php";
// execute HTTP query operation, HTML answer results in $buf variable
$buf = QueryAPI($POST,$URL);
As you can see, it is quite simple to suck a HTTP-query answer into server side buffer/array, to do things with it.
Additionally you can cache the answer at the server (by file or database), to prevent brute force queries to the API on high visitor count.
Greets
BlueStar88
-
- BlueStar88
- Free Extensions
- 3 posts
- Karma: 0
Last Edit: 13 years 3 months ago by BlueStar88. Reason: Omitted curl_exec, corrected
The administrator has disabled public write access.
If you use Zentools please post a review at the Joomla! Extensions Directory.