embedded iframes: mixed content issue #1213
Comments
I don't think proxying would work for videos, given our current proxy Don't we only allow embedding certain content? We can make sure they Mark Smith mark@qq.is On Fri, Feb 13, 2015, at 05:34 PM, Afuna wrote:
Sure, so the first bullet point, but applied to everything we whitelist?
…ive URLs

* ... only if they support them (all the big sites do, smaller ones may or may not). We don't want to force to https if it isn't supported because the behavior is unreliable. An http embed on https may throw up a browser warning. A non-working https embed may, e.g., show a cryptic error message about internal server error, a blank page, or (in one case) an unrelated internal service
* added arguments so that we only change the URL if we're going to display the embed (as opposed to editing the embed, or cleaning for saving in the database).

Fixes dreamwidth#1213.
[#1213] Rewrites http:// video embeds to use protocol relative URLs
When a video / embed uses http instead of https, we'll run into mixed content issues.
So thoughts:
We could also try to proxy the videos, but videos are a much bigger space / bandwidth commitment than images so I'm hesitant to start with that!
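The rewrite described in the commit message for this issue, sketched in Python as an added example (not the project's own code): an `http://` iframe `src` becomes protocol-relative only for hosts known to serve https, and only when rendering for display. The host allowlist, the function names, and the assumption that the embed HTML has already been sanitized down to an iframe with a quoted `src` are all hypothetical.

```python
import re
from urllib.parse import urlsplit

# Hypothetical allowlist: embed hosts assumed to serve the same content over https.
HTTPS_CAPABLE_HOSTS = {"www.youtube.com", "player.vimeo.com"}

# Matches the quoted src attribute of an iframe tag. "\ssrc" (not "\bsrc")
# keeps attributes such as data-src from matching.
IFRAME_SRC = re.compile(
    r'(<iframe\b[^>]*?\ssrc\s*=\s*)(["\'])(.*?)\2',
    re.IGNORECASE | re.DOTALL,
)


def protocol_relative(url):
    """Return url with its http: scheme dropped if the host is allowlisted."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url  # already https, protocol-relative, or something else
    # Compare the whole netloc: a URL with userinfo or an explicit port is
    # left alone, since https on that port is not known to work.
    if parts.netloc.lower() not in HTTPS_CAPABLE_HOSTS:
        return url
    return url[len(parts.scheme) + 1:]  # "http://host/p" -> "//host/p"


def clean_embed(html, for_display):
    """Rewrite iframe src values only when the embed is about to be shown.

    When editing the embed or cleaning it for storage (for_display=False),
    the author's original URL is returned untouched.
    """
    if not for_display:
        return html

    def rewrite(match):
        prefix, quote, src = match.group(1), match.group(2), match.group(3)
        return prefix + quote + protocol_relative(src) + quote

    return IFRAME_SRC.sub(rewrite, html)


if __name__ == "__main__":
    # Constructed sample embeds.
    known = '<iframe width="560" src="http://www.youtube.com/embed/abc123"></iframe>'
    unknown = '<iframe src="http://video.example.net/v/1"></iframe>'
    print(clean_embed(known, for_display=True))
    print(clean_embed(unknown, for_display=True))
```

Embeds from hosts outside the allowlist stay on `http://`, so they can still trigger a mixed content warning on an https page; that is the trade-off the commit message accepts over a broken https embed.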