Disqus `_internal/discus.html` not encrypted

Good Day.
I have successfully put out my static site on Netlify (actually my 12th site this stack) but with a new template. However, I don’t think it’s the templates issue. This site is not getting the browser lock because I have a couple of calls to Disqus that are not going via HTTPS. I looked in the source code and only see one instance that is using // as the transport method.

Am I missing something? Thanks

Ok, I saved the _internal/disqus.html as /layout/partials/disqus.html with this change:
from:
line 16: s.src = '//' + {{ .Site.DisqusShortname }} + '.disqus.com/embed.js';
to
line 16: s.src = 'https://' + {{ .Site.DisqusShortname }} + '.disqus.com/embed.js';

and it solved some, but it looks like Disqus’ embed.js is calling non HTTPS files?

Yup, that’s the culprit. Ugh. Any suggestions?

I directly loaded my embed.js in my browser https://myshortname.disqus.com/embed.js

and there are four hard-coded http:// calls.

  • {root:"https://disqus.com",shortener:"http://disq.us",logger:"https://x.disq.us",media:"htt
  • ,api:"https://disqus.com/api/3.0/",logout:"http://disqus.com/logout/",editP
  • I=function(a){var b=k,c=ia,d=ha,e="default",f={lounge:"http://disqus.com/embed/comments/",home:"https://disqus.c
  • ,recommendations:"http://disqus.com/recommendations/"},g=function(a)

Ugh. Time to use another service I guess.

Using IntenseDebate – I’ve used it before and it’s pretty seamless with a code snippet on the /layouts/_default/single.html file.

Wouldn’t mind figuring out the Disqus issue though.

If you don’t have an protocoll in yout URL, browsers use the protocol from the calling page. This is an old method for the last 10 years.

BUT most browser now try to use HTTPS first.

BUT the template author don’t know, if your site goes with HTTPS. That’s why dropping the protocol part was the default method.

If the target site supports HTTPS, I would code this in my URL for better security.

HTTP → HTTPS works fine.
HTTPS → HTTP gives you warnings and errors.

OK my 2cents: