New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
use https for all embeds #4903
use https for all embeds #4903
Conversation
+1 I think we should consider adding it for IFrame too. But some site can't be accessed through https... |
YouTube, Vimeo, Scribd
IFrame takes a whole url, we don't specify the protocol anywhere in the base IFrame, so there's nothing to change. |
But people embeding |
I don't. The browser does its own warning about untrusted content on a secure page, we don't need to double up, especially since we don't know anything about the page when the object is constructed in the Kernel. |
Which most of time for IFrame is "just do nothing and show a blank area". |
I'd leave it up to users to write IFrames correctly for now. If it becomes a common problem, we'll think about how we might help people get it right, but I don't think we need to fix it pre-emptively. |
#4904 I think is a subset of this PR. |
+1 for merging this one in its current form. |
This is kind of moot at this point, but we could use the '//' format: //www.youtube.com/watch?v=foo. It's part of RFC #1808. That allows the browser to resolve the protocol according to the page its on. |
Min pointed out that relative protocol urls ( |
YouTube, Vimeo, Scribd I can't think of a reason not to, and http embeds won't work on https pages.
I would have vote to merge @fperez one (for once) and rebase this one but too late :-) (Ugly new github UI, confusing) |
YouTube, Vimeo, Scribd I can't think of a reason not to, and http embeds won't work on https pages.
use https for all embeds
YouTube, Vimeo, Scribd
I can't think of a reason not to, and http embeds won't work on https pages.