Tag: «VK»
A note about HTTPS and VK apps
Once a browser learns that a site can be opened over HTTPS, it no longer wants to open it over plain HTTP. Firefox and Chrome definitely behave like that, and VKontakte is one such site. Once a page is opened over HTTPS, some of its resources may still be loaded over HTTP, but not JavaScript files: those are blocked and must be loaded over HTTPS only.
Today I was making a simple iframe app for VK. Basically it was just a lightly styled PHP page into which I inserted the PHP code of a ticket booking and purchase system. After setting the URL in the VK app, I discovered that VK works over HTTPS and my page was also trying to load over HTTPS. Since my server did not support HTTPS, I had to configure it.
I got the certificate from StartSSL for free. I configured everything, everything started working (my blog could now also be opened as https://arm1.ru — I turned that off and left only http for now, because all Disqus comments and social-media likes broke :) and I do not really need https on that domain anyway), hallelujah, the script started loading. But the PHP code of the ticket system essentially returns its own HTML, and that HTML loads various js code over http. Since that gets blocked, nothing works again :) It is a hellish chain, really. VK -> iframe -> my server -> ticket server. Now I am waiting for them to set up https on their side and serve all js code over it.
But I did get a couple of useful lessons out of it.
- Whenever possible, load external JS not as “http://site.com/code.js” but as “//site.com/code.js”. The leading // makes the URL protocol-relative, meaning “use the current connection protocol”: the browser picks the scheme of the page it is on, so you do not need to check the protocol in code yourself.
- Experience gained from bringing up and configuring https on my own server. Two guides so I do not lose them:
  - Getting a free SSL certificate (via StartSSL).
  - Configuring an HTTPS server in nginx.
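The failure described above (HTML returned by a third party that pulls scripts over http into an https page) can be caught before deployment by auditing that HTML. The following is an added example, not code from the original post; the names `audit` and `MixedContentAuditor` and the `.example` hostnames are made up for illustration, and the sample HTML is constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# tag -> (URL attribute, mixed-content class for an http load on an https page)
# "active" loads are blocked by browsers; "passive" ones were historically still loaded.
RULES = {
    "script": ("src", "active"), "iframe": ("src", "active"),
    "link": ("href", "active"),   # only rel=stylesheet, checked below
    "img": ("src", "passive"),
}


class MixedContentAuditor(HTMLParser):
    """Collects subresources that resolve to plain http on an https page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (class, tag, resolved URL)

    def handle_starttag(self, tag, attrs):
        if tag not in RULES:
            return
        attrs = dict(attrs)
        attr, kind = RULES[tag]
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        raw = attrs.get(attr)
        if not raw:
            return
        # urljoin resolves "//host/x" and relative paths against the page's scheme
        resolved = urljoin(self.page_url, raw.strip())
        if urlsplit(resolved).scheme == "http":
            self.findings.append((kind, tag, resolved))


def audit(html, page_url):
    """Return mixed-content findings for html as served at page_url."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on https pages
    auditor = MixedContentAuditor(page_url)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample: HTML like a third-party widget might return (hosts are made up)
SAMPLE = """<script src="http://tickets.example/widget.js"></script>
<script src="//tickets.example/seats.js"></script>
<link rel="stylesheet" href="http://tickets.example/style.css">
<img src="http://tickets.example/logo.png"><script src="/local.js"></script>"""
```

Calling `audit(SAMPLE, "https://app.example/vk/")` reports the hard-coded http script and stylesheet as active and the image as passive, while the protocol-relative and site-relative scripts pass because they inherit https from the page.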
Now the main thing is not to forget that in a year the SSL certificate will need to be renewed.