YouTube (and Vimeo) URLs are hard-coded to begin with http://, which results in a security warning in some browsers when you attempt to view a page via HTTPS. The attached patch might fix this (untested so far...).

CommentFileSizeAuthor
#6 Bildschirmfoto 2013-07-31 um 12.18.45.jpg459.55 KBpaul_constantine
video_embed_field-https.patch1.77 KBpjcdawkins

Comments

pjcdawkins’s picture

pjcdawkins commented
Status: Active » Needs review

The patch seems to work nicely with YouTube.

I'm not sure what the thumbnail URL is for (whether it's fetched on the server or the client side) so that might not need changing.

jec006’s picture

jec006 commented

This seems like a good fix, I removed the thumbnail part because that request is made by the server and doesn't ever get sent forward to the client.

Committed here: http://drupalcode.org/project/video_embed_field.git/commit/042390e

jec006’s picture

jec006 commented
Status: Needs review » Fixed

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.

paul_constantine’s picture

paul_constantine commented
Version: 7.x-2.x-dev » 7.x-2.0-beta5
Status: Closed (fixed) » Needs work

Sorry to say this, but the problem is back.

If you just load the page with the video, everything is fine - got a green padlock.

As soon as you start the video, I get the mixed content warning.

Tested that on the latest version of Firefox and Chrome.

On Apple's Safari I get a save connection even it I start the video. Strange.

Got any ideas?

Cheers,
Paul

paul_constantine’s picture

paul_constantine commented
StatusFileSize
new youtube_traffic.jpg459.55 KB

Okay, it seems that YouTube is sending all kinds of stuff alongside with the actual video stream (see screenshot).

Is there any way to keep that out to recieve it in https?

pjcdawkins’s picture

pjcdawkins commented

http://apiblog.youtube.com/2011/02/https-support-for-youtube-embeds.html

It’s very important to note that this is just a first step in enabling HTTPS for the entire YouTube viewing experience. In particular, only the YouTube player code is accessible via HTTPS at this time. The actual video bitstream, and some additional content loaded by the YouTube player may still be accessed via standard HTTP connections when you use an HTTPS URL in your embed code.

paul_constantine’s picture

paul_constantine commented

So this means, that we will just have to wait for YouTube to fix this?

Only that I understand the information on the linked page correctly.

Best wishes,
Paul

plopesc’s picture

plopesc
he/him
Primary language Spanish
commented
Category: Bug report » Feature request
Issue summary: View changes
Status: Needs work » Fixed

From the point of view of the module code, this bug is already fixed.
Feel free to reopen if your problem persists.
Thank you

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.