Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
On secure (HTTPS) sites, javascript code from an unsecure source is blocked in chrome by default.
Twitter also delivers the js files over a https connection. Therefore the lines that request js files from Twitter should have something like the following code:
$connection = ($_SERVER['HTTPS'] == 'on') ? 'https' : 'http';
$script_url = url($connection.'://platform.twitter.com/widgets.js', array('external' => TRUE, 'https' => TRUE));
Comment | File | Size | Author |
---|---|---|---|
#3 | tweetbutton-unsecure-javascript-blocked-1971970-2.patch | 1.91 KB | oetseli |
#1 | tweetbutton-unsecure-javascript-blocked-1971970-1.patch | 2.01 KB | oetseli |
Comments
Comment #1
oetseli CreditAttribution: oetseli commentedI'm proposing a patch that I needed on a client project. Using the url()-function's http option is not reliable as Drupal's own https documentation is suggesting that you can leave $conf['https'] to FALSE on https-only sites. url() then checks for that variable if you've set the url's http option to true AND url() will only replace http with https if both are TRUE! This means that there's either a design problem with $conf['https'] or url().
Either way, my solution is to check if https:// strpos is 0 in the $base_url. I feel that this is more secure than checking some enviroment variable. The global $is_https didn't help either for some reason (maybe it's just an easy way of checking if $conf['https'] is TRUE?).
Comment #2
oetseli CreditAttribution: oetseli commentedThis is another solution that simply uses protocol-relative URL schema. I'd go with this as it's way simpler and browser support is not an issue anymore.
That is:
url('//platform.twitter.com/widgets.js', array('external' => TRUE));
Comment #3
oetseli CreditAttribution: oetseli commentedComment #4
rcls CreditAttribution: rcls commentedI can confirm this solution works. I don't think it will be implemented however as the module has been without an update for almost 3 years now.
Comment #5
davemybes CreditAttribution: davemybes commentedConfirmed the patch in #3 works. Hopefully the new maintainers will implement this :)
Comment #7
timmillwood