|Reported by:||johnbillion||Owned by:||johnbillion|
Description (last modified by johnbillion)
We need to audit our oEmbed providers and determine:
- Which ones don't support embedding an https URL
- Which ones don't support embedding content over SSL
If we have providers in core which do not support embedding content over SSL then we (or the WP.com team) should make contact and see if they're open to implementing it. This is pretty much a prerequisite for #28249 as it stands.
|Provider||Core supports HTTPS URL||Endpoint recognises HTTPS URL||Embed supports HTTPS||Notes|
|dai.ly||No||No||-||Invalid SSL certificate (points to dailymotion.com)|
|hulu.com||Yes||Yes||No||Invalid SSL certificate (points to Akamai)|
|photobucket.com||No||Yes||No||Site doesn't resolve over HTTPS|
|poll.fm||Yes||Yes||Yes||Invalid SSL certificate (points to polldaddy.com)|
|instagr.am||Yes||Yes||-||Invalid SSL certificate (points to instagram.com)|
|ted.com||Yes||Yes||Yes||Almost there, just some mixed content in embeds|
|kck.st||Yes||Yes||-||Domain isn't available over HTTPS|
Recently fixed providers:
- flic.kr - HTTPS everywhere. Regex corrected in r28834.
- slideshare.net - HTTPS embeds since r28834.
- wordpress.tv - HTTPS embeds for HTTPS URLs.
- meetup.com and meetu.ps- HTTPS embeds for HTTPS URLs.
- instagram.com - HTTPS everywhere since r31710.
- dailymotion.com - Uses the HTTPS oEmbed endpoint since r34587.
- smugmug.com - Embeds now use HTTPS by default.
- funnyordie.com - Embeds are now protocol-relative and cert is now valid.
- imgur.com - Embeds are now protocol-relative.
- collegehumor.com - HTTPS embeds for HTTPS URLs.
- animoto.com and video214.com - Embeds now use HTTPS by default. See also r34588.
- youtube.com and youtu.be - HTTPS embeds via the scheme=https parameter.
- vimeo.com - Embeds are protocol-relative.
- flickr.com - HTTPS everywhere (same for flic.kr).
- twitter.com - HTTPS everywhere.
- soundcloud.com - HTTPS everywhere. (Minor note: their oEmbed response includes an http URL for the thumbnail on their CDN, but it resolves over https if you change it.)
- rdio.com and rd.io - HTTPS embeds by default.
- spotify.com - HTTPS everywhere.
- mixcloud.com - Embeds are protocol-relative.
- tumblr.com - Embeds are partly HTTPS and partly protocol-relative.
- vine.co - HTTPS everywhere.
- scribd.com - HTTPS embeds by default.
Change History (63)
comment:22 follow-up: ↓ 23 @johnbillion — 15 months ago
- Keywords has-patch removed
- Milestone changed from 4.0 to Future Release
comment:35 @johnbillion — 14 months ago
- Description modified (diff)
- Owner set to johnbillion
- Status changed from new to accepted