No internet connection
  1. Home
  2. Support

Can I test Talkyard on a local static site before deploying?

By Jason @detly
    2018-04-19 12:10:44.744Z

    I like to preview my statically generated site (Octopress/Jekyll) on my local machine or an internal server before deploying to the public server. Is it possible to test talkyard.net hosted comments in such a setup?

    Solved in post #2, click to view
    • 7 replies
    1. KajMagnus @KajMagnus2018-04-19 14:18:43.017Z2018-04-21 06:54:20.004Z

      Yes, in the admin area of the embedded comments site (i.e. https://comments-for-....talkyard.net) there's this setting: Allow embedding from (in the Settings tab, the Embedded Comments sub tab). Edit it and add http://localhost:4000 e.g.:

      https://your.blog.com  http://localhost:4000
      

      Then you can show the embedded comments, both at your.blog.com and also in a local Jekyll server at localhost:4000.

      EDIT: 4000 above should be the port that the local web server listens on. Maybe it listens on port 8000 not 4000 — then, add http://localhost:8000 instead. (I wrote 4000 because apparently that's what Jekyll listens on by default)

      ReplySolution
      1. DJason @detly
          2018-04-19 21:43:37.485Z

          Makes sense! Although could be a security issue while it's enabled — anyone can control their own localhost:4000 even when they can't control my real domain. (Perhaps solvable by having a private token for localhost usage? I'm not sure.) But it'll work for now, thanks.

          1. Interesting question. If someone starts a local server on localhost:4000 and embeds your comments, s/he won't be able to see anything more than what's publicly available via your real website / blog already. So, normally (& in your case), this is not a problem.

            If however one has a blog that is hidden behind a login screen — then, the embedded comments would still be accessible via https://comments-for- ... .talkyard.net (and could be embedded on someone's localhost:4000 website too). One would then need to edit the Talkyard admin settings and make the comments site private, visible only after login. But currently this wouldn't integrate well with the login system used by the blog. I'd need to add single-sign-on functionality.

            1. DJason @detly
                2018-04-21 08:38:07.021Z

                Hah, I thought of a different threat model: if you've got a predictable post URL (eg. date based) then someone could post a bunch of spammy comments before you publish (especially bad if you schedule publishing for later and aren't keeping an eye on it).

                1. KajMagnus @KajMagnus2018-04-21 11:08:38.186Z2018-04-21 11:19:31.420Z

                  Ok yes that seems like a security issue. (And a minor one, I'd say, in comparison to other things that might happen, e.g. personal data leaks.) ... Edit: Hmm, (10 min later) or, no... I don't think it is, look at the "on the other hand" text I appended at the end of this comment. /Edit

                  Another way someone could get to know about the URL for a future post, could be if there's a company, and someone says "We've scheduled auto-publishing of a post about ...., on Friday night, here: http://....." and then an angry employee posts angry-kittens pics at that URL.

                  I think this can be done also without http://localhost:4000 I think — if one e.g. edits one's hosts file and maps the embedding server address to 127.0.0.1. Then one can open that address in a localhost server & browser, and post comments to the URL.

                  Also via cURL one can post comments to new URLs. (One then need to login in to Talkyard, and copy one's session cookie and include in the cURL request.)

                  One way to stop this, could be if the Talkyard server checks if there is actually a page at the embedding URL. Do you have any thoughts about that? Or additional ideas? Or happen to know how any other commenting system deals with this (if they do)? (I searched for sth like "disqus post to non-existing url" but found nothing)

                  Edit: Hmm on the other hand, if such a check was added, or this was "solved" in some other way... Someone could still just write a bot, that waits until the page appears and then posts the comments. Maybe the real solution to this, is instead moderator approval of everyone's first few comments. And that's already supported.

                  1. DJason @detly
                      2018-04-21 12:04:59.850Z

                      Yeah, the more I think about it the more I think there's not a threat that makes sense. I have no idea how Disqus does it, and for all I know they don't (as in, maybe you could embed someone else's comments section on your own page, just to... confuse everyone?). I do know I never had to configure Disqus specially to allow access from localhost.

            2. In reply todetly:

              You can also test Talkyard on your local laptop static site, without creating a Talkyard account at all:

              There's a Talkyard comments site, intended for testing: https://comments-demo.talkyard.io, which lets you embed it from anywhere, e.g. from localhost.

              When you configure the embedded comments, set the Talkyard server URL to https://comments-demo.talkyard.io, and you'll see how Talkyard looks, for you.

              However you won't be able to change things like the background color — because you're not an admin at the demo site. To change colors & things, you need to create your own site.


              Example: if you copy-paste the HTML below into a plain text file, with a .html suffix, and show it in a local web server on localhost, the Talkyard comments will load:

              <html>
              <head><title>Embedded comments test</title></head>
              <body style="background: #292929; color: #eee; font-family: monospace">
              <p>
              Talkyard embedded comments test page. A reply button should appear below, against a white background:
              </p>
              
              <script>talkyardServerUrl='https://comments-demo.talkyard.io';</script>
              <script async defer src="https://comments-demo.talkyard.io/-/talkyard-comments.min.js"></script>
              <!-- You can specify a per page discussion id on the next line, if your URLs might change. -->
              <div class="talkyard-comments" data-discussion-id="" style="margin-top: 45px;">
              <noscript>Please enable Javascript to view comments.</noscript>
              <p style="margin-top: 25px; opacity: 0.9; font-size: 96%">Comments powered by
              <a href="https://www.talkyard.io">Talkyard</a>.</p>
              
              <p>End of page.</p>
              </body>
              </html>