Loading Profile...
Is it possible to use a Satisfaction widget over HTTPS?
We'd like to use a Satisfaction widget on our site but we're running over HTTPS, so using your standard widget isn't possible without producing a security error in the browser.
Is there any way we can include the widget over HTTPS?
Is there any way we can include the widget over HTTPS?
22
people have this question
I have this question, too!
Tell me when someone answers.
The more people who ask this question, the more it gets noticed.
The more people who ask this question, the more it gets noticed.
The company marked this question as answered.
The best answer from the company
-
I'm happy to say that we have completed the SSL compatible version of our widget! It is going to be deployed as part of a code release at midnight tonight, but before we announce it generally I'd like to invite those of you in this conversation to be the first to test it out.
To make this work, you can simply change any url in the embed code to reference https rather than http.
Thanks everyone for your feedback and prompting.
I’m relieved
The company and 1 other person say
this answers the question
-
Inappropriate?At present, you can't do this very cleanly. We've had this request once before, and we came to the conclusion that adding another ops issue (managing the SSL setup accross our servers and running processes) wasn't the best choice to make with all of the other issues on our plate. However, you have a couple options.
However, if you don't mind getting your hands a little dirty, we can easily work together to proxy requests through your server to retrieve the json and provide it back to the client. We had done something similar, piping requests on our server back to the hKit microformat parser web service. Really very simple to do.
2 people say
this answers the question
-
Inappropriate?I am affected by this as well. We'll have to do extra work to bounce the user to a http version of the page.
-
Inappropriate?Brian, you guys are php right?
I could probably hack out a clone of the widgets using our new help center code in about an hour or three. Do you just want a php function that you can call to to get some html output like the widget? -
Inappropriate?Oh, I forgot to mention, since this question got bumped because of a "I have this question too click"
While we can't do SSL right now, we're going to be looking to get our ops situation in shape over the summer and into the fall. We don't have a dedicated ops guy, and I end up doing everything during the nights and weekends so it is slow going.
SSL is in the cards, but it may be a couple months. -
Inappropriate?Heh, we also have this problem with one of our Rails apps.
I guess we could parse the topic RSS feed server side instead of using the JavaScript widget. Some caching would probably also be useful to avoid the performance hit. -
Inappropriate?kasperg, using the API would probably be easier than the RSS feeds if you are interested.
It spits out either Atom or JSON. If you are interested, I'd be happy to help with any questions you have. -
Inappropriate?Hi there! We're going to redo out help page later this year, so I think that will be a good opportunity to use the code proxy the requests on HTTPS connections. Thanks -- we'll synch back up :)
I’m thankful
-
1 Comment Add a comment
This answers the question
-
good to here! -
Inappropriate?Hi again
Does the new Feedback Widget support HTTPS? -
Inappropriate?It will in about a week :)1 Comment Add a comment
This answers the question
-
Thank you Scott, fantastic news!
-
-
-
Inappropriate?Erk! +1 too! We're having to switch off the widget on our secure pages until this is sorted.
Please hurry - and everyone else, make sure you've clicked "I have this question too".
I’m sad that this wasn't taken into account...
1 Comment Add a comment
This answers the question
-
We're hurrying!
-
-
Inappropriate?Any word yet? Dying to put this back up.2 Comments Add a comment
This answers the question
-
And, while you're at it, can we get the official definition of one standard Get Satisfaction week? ;o)
-
We're still working on it. It's the "We don't have enough developers and too many things to do" syndrome holding it up.
-
Inappropriate?C'mon guys!!! I can't believe you have all those top tier companies using your widgets and HTTPS hasn't been given a higher priority... This thread is 1 YEAR OLD now and 3 months ago you said it would be ready in a week.
I’m sad
1 Comment Add a comment
This answers the question
-
We're doing our best, Gavin.
-
-
Inappropriate?This is a bump. We really need SSL widget support, for the same IE related issues that everyone else has.
I’m going to get a lot of complaints from my users
-
-
Inappropriate?come on, right now my choice is either you or your competition. please release a supported ssl verion
I’m frustrated
1 Comment Add a comment
This answers the question
-
Tim-My company is also considering Get Satisfaction but it is useless without the ssl version. While I hope GS is able to release this version later this month, they first indicated 9 months ago that it might be a couple of months. I'm new to this and am interested in who the competition is as we want to see what else is out there. Any guidance?
-
Inappropriate?Indeed, SSL support is being released later this month. Apologies for not completing it sooner!
-
Inappropriate?I am also really looking forward to an ssl version of the widget. I currently have to remove the tab for IE users.
I’m frustrated
-
Inappropriate?I notice you are using S3 to host the javascript and CSS. You know S3 supports SSL out of the gate right? Just swap the http on the front of the URL with https and it just works. Except that the CSS file that is loaded includes images that are not https. We can't use Get Satisfaction in our app until this is fixed.
I’m frustrated
-
Inappropriate?To clarify from my previous comment.
This file:
http://s3.amazonaws.com/getsatisfacti...
is also available from this URL:
https://s3.amazonaws.com/getsatisfact...
But the hitch is that the CSS code in the file above loads these 3 images:
http://s3.amazonaws.com/getsatisfacti...
http://s3.amazonaws.com/getsatisfacti...
http://s3.amazonaws.com/getsatisfacti...
From non https URLs. If you just posted an alternate version of the CSS file using https urls for the images above AND users who need SSL support use the https protocol to get the "secure" version of this file from S3, then this issue goes away.
In the meantime, I just copied the feedback.css file into my app with the corrections above, and am hosting it behind an SSL server.
All the IE errors are now gone for us.
I hope this helps!
-
Inappropriate?One more clarification. We still get the security warnings in IE when we click on the "feedback" button. This is still a major issue. But at least now we don't get a security warning on every single page that includes the feedback widget.
I’m indifferent
-
Inappropriate?Thanks, Mason. I appreciate the detailed feedback. We're queuing this up for fixing next.
I’m thankful
-
Inappropriate?Is there a solution yet for this? -
-
Inappropriate?Please, get your act together guys. You offer customer support for businesses who, understandably are going to have user experiences that are in https. This issue is a year old. This is not rocket science. Give us a config option that turns https on and then use https when you generate the calls to your assets on amazon. There's nothing to do here other than do it.
" Scott Fleckenstein, Official Rep, replied 5 months ago
It will in about a week :) "
And one more thing, if you're going to post that a feature will be ready in about a week, it better not still be open 5 MONTHS LATER.
I’m angry
-
Inappropriate?Aaron,
I'm sorry that we haven't been able to finish this yet. If you've ever worked in a startup environment, you know that a million different things have to get done, and sometimes they pile up and get reprioritized. I'm sorry this isn't acceptable for you. I can't offer anything beyond a "It's still on the roadmap, and we'll get to it as soon as we can". Getting angry at us won't make it come any faster... we're already trying our hardest.1 Comment Add a comment
This answers the question
-
Please realize the ssl support. We had to deactivate the widget on a customers website, because it wasn't acceptable to see the unsecure connection warning from the IE. :-(
Missing SSL support leads to refusing getsatisfaction. -
Inappropriate?I work at a startup, too. There's always a long list of features and bugs and you have to prioritize. What it says about your organization that this bug has languished for so long is that this is not a priority despite the fact that so many have complained about it. So rather than say that it's on your roadmap or that it should be ready in a week or a month, be honest to your customers and cop to the fact that you have bigger fish to fry.
That said, my company pays for this service and we expect better support. Additionally, adding https to a url is not something that takes time. It's a simple conditional. If it required that you set up ssl certificates that didn't exist that might account for a small additional portion of time, but given that the javascript is available over ssl this doesn't seem to be the hold up.
So yes, you have a full plate and I'm sure you're busy and what you are working on is important and quite likely more important to your business, but not necessarily to mine. Using your widget in our application means all IE users (damn them) get a warning about non-secure items. This means that my own customer service is suffering because of something you haven't fixed yet. That, in my book, means it should trump whatever features you might be working on. This is not the kind of thing that is so challenging that it should take a year, or a month, or really even a week, to address.
I’m perhaps not angry, but still frustrated.
8 Comments Add a comment
This answers the question
-
I would recommend that since you don't yet have a contract, you put pressure on Lane or whoever you are in talks with to get my managers to reprioritize this.
-
We'll make sure your voice is heard on this one, Aaron, and share this with the team.
-
Aaron, you're absolutely right that we shouldn't have publicly said this feature would be done on a schedule that we weren't 100% committed to. We don't do that anymore, as you can see from the response from Scott.
This is not a bug, though, and in my opinion doesn't reflect lack of support for our customers. Of course, this needs to get done, and of course we need to complete our other critical tasks. Most importantly, we need to have a better way of communicating our product roadmap to our customers. In my new role as CTO this is very important to me.
A few final words: if this was a trivial fix it would have been done months ago. Unfortunately, we hit an issue related to our systems architecture (asset servers in particular) that required some bigger changes.
Thanks as ever for the feedback. We definitely understand how important this feature is to get done. -
As I said, I also work at a startup. I know what it's like to have a bazillion things to get done and only a few people to do it. Managing SSL certificates and whatnot is never fun.
My only real issue here is that the issue has been open for a year. That to me is unacceptable. If you look at the history of this thread you'll see comments consistently across that time span. Numerous people have asked you about it. I think it says a lot that this issue is still unresolved (and there's a certain irony given the nature of your business).
The fact that you communicated that it would be available soon isn't unforgivable as we all look at problems and set out to tackle them only to uncover more complex issues that require a greater investment int time that perhaps we cannot spare. But to not come back after a week and say, hey, this thing is harder than we thought. We're going to work on it, but we have X, Y, and Z which think are likely more important for you and we're going to focus on those issues first. But instead there are later apologies and equivocations.
For a company focused on helping businesses manage customer feedback, this is a poor example and it makes me seriously reconsider if yours is the best solution for us and our customers. I don't say these things as some idle threat or anything. I genuinely care when I see an otherwise good product sullied by a small detail, otherwise I wouldn't spend my time writing this out.
I have a short term compromise for you. Give us the ability to host the images ourselves. Let us download these 3 or 4 images and put them on our local servers and configure the widget to point to a path on our (SSL) hosts. It would be a quick way for you to provide a work around for this issue until you can figure out your architecture issues. -
I'm certainly open to any solutions that work for you guys. I will check into the tasks required for a workaround like you propose relative to the remaining work on our end to add the SSL functionality properly and get back to you later today with next steps.
-
Amazon S3 hosts SSL assets just fine. Perhaps posting the images and related stylesheets there will quickly and easily solve that problem!
-
I can announce formally that we are prioritizing the completion this feature. Rather than spending time with any half-measures we're just going to get it done right. Thank you all for keeping the pressure on. I will update further when I have more information.
-
That is good news. Thank you for listening to the users. This is the primary reason we can't pay for GetSatisfaction, and look forward to running GS over SSL.
-
Inappropriate?I work for a startup too. And, I like ponies.
2 people say
this answers the question
3 Comments Add a comment
This answers the question
-
Thank you, sir, for this much needed dose of levity. It really did make me LOL. :)
-
If GSFN had favorites, this would be one for me.
-
+1 -- this problem makes for a terrible experience for our IE users on HTTPS
-
Inappropriate?I just had a small and responsible party in my mind. Thanks Thor.
-
Inappropriate?I'm happy to say that we have completed the SSL compatible version of our widget! It is going to be deployed as part of a code release at midnight tonight, but before we announce it generally I'd like to invite those of you in this conversation to be the first to test it out.
To make this work, you can simply change any url in the embed code to reference https rather than http.
Thanks everyone for your feedback and prompting.
I’m relieved
The company and 1 other person say
this answers the question
1 Comment Add a comment
This answers the question
-
Fantastic news. Thank you GetSatisfaction peeps.
-
Inappropriate?I believe I've done what you suggested, but IE6/7 are complaining about SSL vs non-SSL code being on the site.
The code is live here: https://ssl.vuzit.com/page/sign_in
If I remove the GS widget, then I don't see the error. Would you mind giving me some pointers? If you believe it's something else on the page (I'm convinced it isn't), then let me know and I'll setup a side-by-side example with/without the GS widget.
I’m confused
3 Comments Add a comment
This answers the question
-
I'll have to round up someone with a bit more technical expertise than myself. Let me get back to you.
-
It will get fixed before the night is over. My Bad.
-
It appears to be fixed. Thank you! -Chris
-
Inappropriate?Is it possible to embed the HTTPS version of the widget in a non-HTTPS page?
I've forced is_ssl to be true but that has made no difference.
I’m confused
-
Inappropriate?We run the auto ssl detection in multiple places. You won't be able to force it unless you download the feedback-v2 javascript, host it yourself and edit it.
I don't recommend that, and in general I wouldn't recommend using the ssl widget unless you are embedding it in an ssl host page. You'll be throwing up annoying security warnings to your IE users. Plus, your users won't be able to take advantage of caching, making for a slower experience overall.
Is there a particular reason you want to embed the ssl version in a non-ssl host page? I'm curious about the use case.
-Scott1 Comment Add a comment
This answers the question
-
It's on a page that isn't SSL - and has no reason to be (a home page that is visible to everyone). I would like to embed the SSL version so that anyone logging into the widget isn't sending their passwords for GS unencrypted :-)
EMPLOYEE
EMPLOYEE
