Add a "--force-https" option.

[ghost]

Idea came from Noscript addon for Firefox.
So, when you have http://www.youtube.com/watch?v=qn6CMz18lkQ link, and you know its supports https and instead of adding "s" to links every time, you could just add site to config option --force-https=www.youtube.com and it will always force links from youtube to https for this site and others you add.

[vxbinaca]

Please enable this so it works on sites other than youtube.

[ghost]

Wait, is -f [protocol^=https] force http link play through https if it's available? If yes, then issue solved.

[dstftw]

It does not force but filters out. And only final format URLs.

[ghost]

#10752

@dstftw

They can provide whatever they want whichever way they want. youtube-dl just extracts what they provide no more no less.

But why be confined with this? Take web browser for example, Firefox just showing what sites provide no more no less, but if you want you can change it with options or addons.

@yan12125

In Firefox HTTP video/audio files are used even if the webpage is in HTTPS, so there's a warning in the address bar

But in Firefox you can force all video/audio files to be HTTPS if site is open in https, there is option in about:config for that, why can't it be done in youtube-dl?

[dstftw]

I've already answered you by mail why it's a bad idea.

[yan12125]

Now YouTube replies 301 for non-HTTPS connections:

$ curl -v "http://www.youtube.com/watch?v=qn6CMz18lkQ"
*   Trying 163.28.18.29...
* TCP_NODELAY set
* Connected to www.youtube.com (163.28.18.29) port 80 (#0)
> GET /watch?v=qn6CMz18lkQ HTTP/1.1
> Host: www.youtube.com
> User-Agent: curl/7.50.3
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< P3P: CP="This is not a P3P policy! See http://support.google.com/accounts/answer/151657?hl=en for more info."
< X-XSS-Protection: 1; mode=block; report=https://www.google.com/appserve/security-bugs/log/youtube
< X-Content-Type-Options: nosniff
< Location: https://www.youtube.com/watch?v=qn6CMz18lkQ
< Content-Type: text/html; charset=utf-8
< Cache-Control: no-cache
< Expires: Tue, 27 Apr 1971 19:44:06 EST
< Date: Sun, 25 Sep 2016 14:12:48 GMT
< Server: YouTubeFrontEnd
< Content-Length: 0
< Connection: Keep-Alive
< Set-Cookie: YSC=AI7hw-yNHDs; path=/; domain=.youtube.com; httponly
< Set-Cookie: VISITOR_INFO1_LIVE=VpWXzY6kR0I; path=/; domain=.youtube.com; expires=Sat, 27-May-2017 02:05:48 GMT; httponly
< 
* Curl_http_done: called premature == 0
* Connection #0 to host www.youtube.com left intact

I guess this option is no longer necessary. @vxbinaca do you have other examples?

[Hrxn]

Apart from the thing that you can't enforce https if the server doesn't play along..