use https for all embeds

[minrk]

YouTube, Vimeo, Scribd

I can't think of a reason not to, and http embeds won't work on https pages.

[Carreau]

+1

I think we should consider adding it for IFrame too. But some site can't be accessed through https...

[minrk]

I think we should consider adding it for IFrame too.

IFrame takes a whole url, we don't specify the protocol anywhere in the base IFrame, so there's nothing to change.

[Carreau]

IFrame takes a whole url, we don't specify the protocol anywhere in the base IFrame, so there's nothing to change.

But people embeding http:// url got nothing on https:// notebooks. We should ad least put a warning when using http:// don't you think ?

[minrk]

don't you think?

I don't. The browser does its own warning about untrusted content on a secure page, we don't need to double up, especially since we don't know anything about the page when the object is constructed in the Kernel.

[Carreau]

I don't. The browser does its own warning about untrusted content on a secure page.

Which most of time for IFrame is "just do nothing and show a blank area".

[takluyver]

I'd leave it up to users to write IFrames correctly for now. If it becomes a common problem, we'll think about how we might help people get it right, but I don't think we need to fix it pre-emptively.

[jasongrout]

#4904 I think is a subset of this PR.

[fperez]

+1 for merging this one in its current form.

[rgbkrk]

This is kind of moot at this point, but we could use the '//' format: //www.youtube.com/watch?v=foo. It's part of RFC #1808. That allows the browser to resolve the protocol according to the page its on.

[jasongrout]

Min pointed out that relative protocol urls (//some.address/) will cause problems with static html exports (where those urls then become file://...).

[Carreau]

I would have vote to merge @fperez one (for once) and rebase this one but too late :-)

(Ugly new github UI, confusing)