Tweet buttons on lockdown: making the twitter-widget work over https in Rails
While working on a social-ish web application (using Rails) for a client today, I came upon the simple story “User should be able to tweet about a product”. Glancing through the twitter docs for the “tweet button” (http://twitter.com/about/resources/tweetbutton) I found that this was in fact a VERY simple deal. One imported javascript file, one html element with some configuration parameters, and we’d be in business. I would have simply written a little helper method to do the generation for the necessary strings, but in this day of micro-gems I was able to leverage the short and sweet “tweet-button” gem from Intridea (https://github.com/intridea/tweet-button).
This reduced my actual typeing effort in my application to “= tweet_button” within the HAML view file where I wanted it. Done!
….or was I?
See, ever since the firesheep incident, we’ve been using SSL for pretty much everything, so when doing my final sweep of testing on our staging server (which has SSL enabled just like production), imagine my surprise at seeing my trusty new twitter button simply not show up. This surprise was quickly resolved with a glance at twitter’s FAQ which says in no uncertain terms:
Does the Tweet Button work over HTTPS?
At the moment the Tweet Button does not work over SSL. We are looking into making this possible but for the time being we only support HTTP. If you need to use SSL we recommend you build your own Tweet Button.
Well, there goes my first idea. Building your own tweet button is pretty trivial (it’s just a link and you can use whatever image you want for the click target), but I really liked the feel of just using a helper method and the “tweet-button” gem already had so much working with the configuration parameters being nicely wrapped up in a hash parameter and everything; the only thing that was missing was it just linked to the “http” version of the twitter sharing path. Fortunately, with the help of github and bundler, this problem was super easy to solve. I forked the library to my github account, added a configuration parameter for SSL, referenced my fork in my gem file (gem “tweet-button”, :git=>”git://github.com/evizitei/tweet-button.git”) and my view code remained blissfully simple:
=custom_tweet_button(“Tweet”, ssl: true)
I guess the moral here is two-fold: first, if you want to use the tweet-button gem for your SSL protected web-application, use my fork at http://github.com/evizitei/tweet-button (of course, I have a pull request sent to Intridea, so it’s possible this will be merged into the main gem eventually). More importantly, don’t forget how easy it is to make things work the way you want them to. It was really just 2 years or so ago that I really came to the point where I cold make that statement comfortably. Coming, as I did, from the enterprise world of major releases and commercial code libraries, I was trained up in the idea that if a 3rd party library didn’t do EXACTLY what you needed, it meant a service request in accordance with an SLA or a couple weeks worth of rolling our own version of the same functionality. It’s not like that anymore, not in this community. Fork and fix, you’ll probably have the tweak you need within the day.