hashover-next

hashover-next copied to clipboard

Hello,

I'm looking for a commenting engine to serve my Hugo-generated static websites. I like that HashOver is written in PHP since I anyway have to use PHP on the server for Matomo analytics, but wonder if single instance of HashOver can serve comments in multiple site?

YES.

1. deploy HashOver on comments.example.com
2. edit backend/classes/sensitivesettings.php， change :

   public $allowedDomains = array (
           // '*.example.com',
           // '*.example.org',
           // '*.example.net'
   );
   

   TO:

   public $allowedDomains = array (
           'www.site0.com',
           'www.site1.com'
   );
   

3. now , it works on www.site0.com and www.site1.com.

YES.

1. deploy HashOver on comments.example.com

When I tried to do that, I get CORS problem:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hashover.tld.com/backend/comments-ajax.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://demo.tld.com’).

iow. I tried to deploy HashOver at https://hashover.tld.com to serve comments for the https://demo.tld.com site?

I also wonder about the possibility to manage all comments from the single place in regard to #284?

@gour What do you have in the $allowedDomains setting? You should only have the domain name. If you are running HashOver on hashover.tld.com the setting should contain the domain demo.tld.com. Alternatively, you can use a wildcard, like *.tld.com, this way it will work from any subdomain. Also, you may have to use the same scheme on both websites. Your error says "http://demo.tld.com" not "https://demo.tld.com", if you are using HTTPS on demo.tld.com you may also have to use HTTPS on hashover.tld.com. Check to make sure you are doing so.

As for managing all comments from a single page, the situation is the same as my response in that issue, it isn't implemented. The current plan is to add a page that uses the Latest Comments API to display the 10 most recent comments from all pages, from there a structural change to how comments are stored may be required in order to display more comments. The moderation needs to be improved altogether, but for now I don't have the time to give proper consideration to a better implementation.

@gour What do you have in the $allowedDomains setting?

I've wildcard *.tld.com and using HTTPS everywhere?

As for managing all comments from a single page, the situation is the same as my response in that issue, it isn't implemented.

OK.

@gour Is $supportsMultisites also set to true ?

@gour Is $supportsMultisites also set to true ?

I've changed it to true, but still get:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hashover.tld.com/backend/comments-ajax.php. (Reason: CORS header ‘Access-Control-Allow-Origin’ does not match ‘http://demo.tld.com’).

and I'm puzzled why it does complain about http://demo.tld.com since it is supposed to serve via HTTPS only?

Edit: Let me add that the setup where I run Hashover is kind of semi-share hosting where Apache is running behing Ngix acting as reverse proxy, if that does matter for some reason.

@gour

Edit: Let me add that the setup where I run Hashover is kind of semi-share hosting where Apache is running behing Ngix acting as reverse proxy, if that does matter for some reason.

This may matter, yes. I actually already have code to handle this, or at least it should, but I haven't seen anyone need it. So, I will commit that code now, please test it. I think this is just a matter of HTTPS not being detected properly because of the proxy.