|Reported by:||johnbillion||Owned by:||johnbillion|
Description (last modified by johnbillion)
We need to audit our oEmbed providers and determine:
- Which ones don't support embedding an https URL
- Which ones don't support embedding content over SSL
If we have providers in core which do not support embedding content over SSL then we (or the WP.com team) should make contact and see if they're open to implementing it. This is pretty much a prerequisite for #28249 as it stands.
|Provider||Core supports HTTPS URL||Endpoint recognises HTTPS URL||Embed supports HTTPS||Notes|
|blip.tv||No||No||-||Their website resolves over SSL but is broken|
|dailymotion.com||Yes||Yes||Nearly||Embeds are served over HTTPS if the oEmbed endpoint uses HTTPS (example)|
|dai.ly||No||No||-||Invalid SSL certificate (points to dailymotion.com)|
|hulu.com||Yes||Yes||No||Invalid SSL certificate (points to Akamai)|
|revision3.com||No||No||-||Mixed content when viewing the site over HTTPS.|
|photobucket.com||No||Yes||No||Site doesn't resolve over HTTPS|
|scribd.com||Yes||No||-||HTTPS site redirects to HTTP site|
|poll.fm||Yes||Yes||Yes||Invalid SSL certificate (points to polldaddy.com)|
|funnyordie.com||Yes||Yes||No||Invalid SSL certificate (points to Akamai)|
|instagram.com||No||No||-||HTTPS site redirects to HTTP|
|instagr.am||No||No||-||Invalid SSL certificate (points to instagram.com)|
|ted.com||Yes||Yes||Yes||Almost there, just some mixed content in embeds|
|animoto.com||Yes||Yes||Yes||HTTPS embeds by default, but mixed content when playing an embed|
|video214.com||Yes||Yes||Yes||HTTPS embeds by default, but mixed content when playing an embed|
Recently fixed providers:
- flic.kr - HTTPS everywhere. Regex corrected in r28834.
- slideshare.net - HTTPS embeds since r28834.
- wordpress.tv - HTTPS embeds for HTTPS URLs.
- meetup.com and meetu.ps- HTTPS embeds for HTTPS URLs.
- youtube.com and youtu.be - HTTPS embeds via the scheme=https parameter.
- vimeo.com - Embeds are protocol-relative.
- flickr.com - HTTPS everywhere (same for flic.kr).
- twitter.com - HTTPS everywhere.
- soundcloud.com - HTTPS everywhere. (Minor note: their oEmbed response includes an http URL for the thumbnail on their CDN, but it resolves over https if you change it.)
- rdio.com and rd.io - HTTPS embeds by default.
- spotify.com - HTTPS everywhere.
- mixcloud.com - Embeds are protocol-relative.
Change History (42)
comment:22 follow-up: ↓ 23 @johnbillion — 7 months ago
- Keywords has-patch removed
- Milestone changed from 4.0 to Future Release
comment:35 @johnbillion — 7 months ago
- Description modified (diff)
- Owner set to johnbillion
- Status changed from new to accepted