CNAMEd communities cannot use FastPass script over SSL

  • Problem
  • Updated 3 years ago
  • Solved
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members. The community moderator provided the following reason for archiving: Problems have been marked as solved, but are now out of date.

We've been using GetSatisfaction for awhile, and this morning I started getting security warnings throughout our HTTPS-protected site. It looks like the javascript reference to GetSatisfaction, redirected from https://getsatisfaction.com to http://support.delaget.com, which is causing the errors. When I try to point my browser to https://support.delaget.com, I get big ugly security warnings. I'm checking with our IT guys to see if something changed on our end, but need to resolve as quickly as possible. Please help!
Photo of Sean Clauson

Sean Clauson

  • 120 Points 100 badge 2x thumb

Posted 3 years ago

  • 1
Photo of Jenn Lin

Jenn Lin

  • 20,498 Points 20k badge 2x thumb
Hello Sean,

We enabled HTTPS connections for all communities using the getsatisfaction.com domain last night. So that is presumably what changed.

However, we made no changes to the CNAMEd communities. Since you are using support.delaget.com, we must host this on an HTTP connection. We are shortly going to add support for our server to host your SSL Certificate which will allow for the https://support.delaget.com option.

Can you show me the page that has new HTTPS warnings?

Jen
Photo of Jenn Lin

Jenn Lin

  • 20,498 Points 20k badge 2x thumb
For more information about the SSL change that was made:
https://getsatisfaction.com/devcommun...
Photo of Sean Clauson

Sean Clauson

  • 120 Points 100 badge 2x thumb
The pages that use GS are behind a log-in form, and I'm not easily able to give you access due to information privacy concerns...Is there anything specific I can check for you, or any other information I can provide?

How soon do you plan on fixing the domain alias issue? Because the GetSatisfaction code is in our site's master page, IE users are getting a warning pop-up on every single hit, and I'm scrambling to find a solution (which, may be breaking the feedback widget temporarily to avoid the larger pop-up-issue). Please let me know. Thanks!
Photo of Jenn Lin

Jenn Lin

  • 20,498 Points 20k badge 2x thumb
One very quick and dirty solution while we investigate would be to disabled the CNAME for your community. This will move everything to HTTPS.

Change that in the admin section:
getsatisfaction.com/COMMUNITY/admin/cname

Since I cannot see the site, let me ask some questions.

- Are you using widgets or the API?
- How are you referencing get satisfaction on the page? With gs.com or support.delaget.com?
- Can you share the source code? Could you show it to me via email? I am at jenn at getsatisfaction dot com.

Thanks,
Jenn
Photo of Sean Clauson

Sean Clauson

  • 120 Points 100 badge 2x thumb
I've removed the alias, and that has cleared the errors. I'll follow-up with an email w/source. Thanks!
Photo of Jenn Lin

Jenn Lin

  • 20,498 Points 20k badge 2x thumb
Thanks Sean. I apologize for the CNAME change request, but we are actively looking into this issue and I know that will unblock you for now.

Jenn
Photo of Jenn Lin

Jenn Lin

  • 20,498 Points 20k badge 2x thumb
Hi Sean,

We have done some deep investigation and this SSL change has made it clear that the FastPass script implementation isn't working in this case.

There are two options to enable FastPass with domain aliases and SSL. The script FastPass method you are currently using does not work with SSL and a custom domain.

Option 1: Write a FastPass cookie
cookies["fastpass"] = { :value => FastPass.url(KEY, SECRET, user.email, user.name, user.id), :domain => ".domain.com" }

Option 2: Pass the FastPass credentials through the URL to the community

Once you make those changes, we can then re-enable the CNAME for your community. You can also see more information here:

http://getsatisfaction.com/developers...

Thanks,
Jenn

This conversation is no longer open for comments or replies.