Earlier this year, Twitter made secured HTTPS connections to its main site the default for everyone. It was a great move forward for user privacy and security, but there was more to be done. Now, Twitter has announced that it has expanded its HTTPS support to the embedable buttons used by third party websites to tweet or follow.
This ensures that websites using HTTPS for their domain can embed the Twitter buttons without compromising user privacy.
All of the content on the page can be retrieved via encrypted connections, providing, of course, that there are no other third-party scripts, which may not use HTTPS, on the page.
“Today we are pleased to announce SSL support for our Tweet and Follow Button widgets,” Twitter announced in a post on its developers blog.
“That means that now you can add these widgets to your secure https pages, enabling users to easily share your content and follow your accounts without leaving your site,” it explained.
If you’re already using the Tweet or Follow buttons, there is probably no need to change anything, the piece of code you need to add to your site should stay the same.
To make sure that Twitter uses HTTPS when required, check to see if the code on your page uses the “//” prefix, as below. Using this code ensures that Twitter will pick either HTTP or HTTPS, depending on what the main page uses.
If you want to add a Tweet or Follow button to your page, and you don’t already have one, Twitter has instructions. Again, there’s no special configuration needed on your part, just copy the code Twitter provides.
The move makes Twitter’s HTTPS support more complete. It also makes it easier for websites to provide a secure connection to their visitors. There’s no escaping third-party scripts these days, so, even if you set up your website to use HTTPS, you can’t offer full support unless all of the scripts on a page use it as well.