We have a site that is about to be put under SSL. Per this thread on StackOverflow, we're concerned about security warnings in IE.
http://stackoverflow.com/questions/2388327/internet-explorer-warning-whe...
I have looked at the media_youtube.module and seen the handful of places where "http" would need to be replaced to be "https". I did so as a test and it worked fine - YouTube serves up the video w/o a problem. (Though the test is not yet complete because our site does not have the the SSL.)
https://www.youtube.com/watch?v=RuzdGiW90Zs
Would be great to have this as a configuration option. Thanks!
Comment | File | Size | Author |
---|---|---|---|
#7 | https_embed_and_thumbnails-1100464-8436097.patch | 2.35 KB | liggitt |
#9 | media_youtube-https_variable-1100464-9.patch | 7.52 KB | yan |
#10 | D6_6.x-1.3_media_youtube_https-1100464-10.patch | 8.03 KB | herved |
#10 | D6_6.x-1.x_media_youtube_https-1100464-10.patch | 8.18 KB | herved |
Comments
Comment #1
aaron CreditAttribution: aaron commentedthe solution would be
((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS']=='on') ? 'https://' : 'http://')
in the theme layer, when creating the url for the video.Comment #2
jrsinclair CreditAttribution: jrsinclair commentedIn case anyone else is searching for a solution to this issue, you can add a function to your theme's template.php file as follows:
That should change the URIs to https without the need to add an extra .tpl.php file
That said, it would be nice if the module maintainers added this into the module itself so we didn't have to think about it...
Comment #3
JamesSharpe CreditAttribution: JamesSharpe commentedThis is also an issue with 7.x. In this case the above solution doesn't entirely work as the embed is generated via javascript so you need to modify the javascript file too.
Comment #4
Chris Dart CreditAttribution: Chris Dart commentedAnd for the vimeo module, the javascript file that needs to be updated to support this for version 7 is media_vimeo/includes/js/media_vimeo.js line 55.
My javascript for url parsing is not very good. But for the vimeo module you can edit line 55
Should/could read something like:
var site_protocol = window.location.protocol;
var vimeo_src = "://player.vimeo.com/video/";
var src = site_protocol + vimeo_src + settings.video_id;
This needs more testing to get it to work. Otherwise, just edit the js file to use https and hope that the developers add this feature in future versions.
Comment #5
laughnanSubscribe.
Comment #6
liggitt CreditAttribution: liggitt commentedFor 6.x, there are several places the links to youtube and thumbnail urls are built. Defaulting these to https works fine on http pages, and avoids "Insecure content" warnings on https pages.
Comment #7
liggitt CreditAttribution: liggitt commentedComment #8
rgchi CreditAttribution: rgchi commentedNot quite as nice as the code in comments above, but nevertheless, this hackish bit circumvented this issue.
Comment #9
yan CreditAttribution: yan commentedHere's a path against 6.x-1.x-dev that changes two things:
Comment #10
herved CreditAttribution: herved commentedHello,
Thank you @yan for the patch.
The patch works but I think media_youtube_variable_default() should return only fixed values. So I set "force_https" in it to FALSE and then I exposed a function returning 'https://' or 'http://' depending on the current protocol and this "force_https" variable.
I made 2 patches:
- D6_6.x-1.x_media_youtube_https-1100464-10.patch that can be applied on the current 6.x-1.x branch
- D6_6.x-1.3_media_youtube_https-1100464-10.patch that can be applied on the current 6.x-1.3 release
@aaron: A new release including this fix would be really nice ;)
I landed here because I had a problem with CKEditor not loading the iframe on Internet explorer (>=IE9) and showing:
I discovered that this happened only on pages having an embedded video using media youtube.
This is a security feature of IE (I didn't know about) - http://support.microsoft.com/kb/2625928 - which doesn't load iframes using http if we are in https and asks you to explicitly allow this by clicking on "Show all content" in order to load them.
Regards,
Hervé
Comment #12
kleinmp CreditAttribution: kleinmp commentedPatch #10 is working nicely for me. I'm using the html5 format and the dev version of the module.
Comment #13
joscar CreditAttribution: joscar commentedComment #15
joseph.olstadfor what its worth;
fixed in 6.x-1.x dev