Make WordPress Core

Changes between Initial Version and Version 35 of Ticket #28507


Ignore:
Timestamp:
08/13/2014 12:09:39 AM (10 years ago)
Author:
johnbillion
Comment:

I've added a tabular view to the ticket description to aid our sanity.

My task list:

  • Audit the providers that we've added in 4.0
  • Find a meetu.ps URL to audit
  • Switch polldaddy.com oEmbed endpoint to HTTPS as it now redirects there

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #28507

    • Property Owner set to johnbillion
    • Property Status changed from new to accepted
    • Property Milestone changed from 4.0 to Future Release
  • Ticket #28507 – Description

    initial v35  
    66If we have providers in core which do not support embedding content over SSL then we (or the WP.com team) should make contact and see if they're open to implementing it. This is pretty much a prerequisite for #28249 as it stands.
    77
    8 I'll do the initial audit shortly and see where we get.
     8----
     9
     10Problem providers:
     11
     12||=Provider=||=Core supports HTTPS URL=||=Endpoint recognises HTTPS URL||Embed supports HTTPS=||=Notes=||
     13||blip.tv||'''No'''||'''[http://blip.tv/oembed?url=https://blip.tv/stylestar/shine-6866879 No]'''||-||Their website resolves over SSL but is broken||
     14||dailymotion.com||Yes||[http://www.dailymotion.com/services/oembed?url=https://www.dailymotion.com/video/x1z6k7r_putin-says-ukrainian-gas-price-demands-force-talks-into-dead-end_news Yes]||Nearly||Embeds are served over HTTPS if the oEmbed endpoint uses HTTPS ([https://www.dailymotion.com/services/oembed?url=https://www.dailymotion.com/video/x1z6k7r_putin-says-ukrainian-gas-price-demands-force-talks-into-dead-end_news example])||
     15||dai.ly||'''No'''||'''[http://www.dailymotion.com/services/oembed?url=https://dai.ly/x1z6k7r_putin-says-ukrainian-gas-price-demands-force-talks-into-dead-end_news No]'''||-||Invalid SSL certificate (points to dailymotion.com)||
     16||smugmug.com||Yes||[http://api.smugmug.com/services/oembed?url=https://gilmarphotography.smugmug.com/Galleries/Hamburger-Hat/i-TtMhZ3v/A&format=json Yes]||'''No'''||-||
     17||hulu.com||Yes||[http://www.hulu.com/api/oembed.json?url=https://www.hulu.com/watch/647281 Yes]||'''No'''||Invalid SSL certificate (points to Akamai)||
     18||revision3.com||'''No'''||'''[https://revision3.com/api/oembed?url=https://revision3.com/sourcefednerd/game-of-thrones-the-watchers-on-the-wall-reviewed/ No]'''||-||Mixed content when viewing the site over HTTPS.||
     19||photobucket.com||'''No'''||[http://photobucket.com/oembed?url=https://i199.photobucket.com/albums/aa117/vchartman/weather/bearintherain-1.gif Yes]||'''No'''||Site doesn't resolve over HTTPS||
     20||scribd.com||Yes||'''[http://www.scribd.com/services/oembed?format=json&url=https%3A%2F%2Fwww.scribd.com%2Fdoc%2F65793063%2FMuestra-Comic-Asterix-II No]'''||-||HTTPS site redirects to HTTP site||
     21||poll.fm||Yes||[https://polldaddy.com/oembed/?url=https://poll.fm/4tzp6 Yes]||Yes||Invalid SSL certificate (points to polldaddy.com)||
     22||funnyordie.com||Yes||[http://www.funnyordie.com/oembed?url=https%3A%2F%2Fwww.funnyordie.com%2Fvideos%2F82e2ad3eaa%2Fthrowing-shade-47-summer-vacay-and-guest-mo&format=json Yes]||'''No'''||Invalid SSL certificate (points to Akamai)||
     23||instagram.com||'''No'''||'''[http://api.instagram.com/oembed?url=https://instagram.com/p/rR9ZOSCjc_/ No]'''||-||HTTPS site redirects to HTTP||
     24||instagr.am||'''No'''||'''[http://api.instagram.com/oembed?url=https://instagr.am/p/rR9ZOSCjc_/ No]'''||-||Invalid SSL certificate (points to instagram.com)||
     25||imgur.com||Yes||[http://api.imgur.com/oembed?url=https://imgur.com/gallery/9dlrs Yes]||'''No'''||-||
     26||meetu.ps||Yes||?||?||?||
     27||collegehumor.com||Yes||[http://www.collegehumor.com/oembed.json?url=https://www.collegehumor.com/video/6970155/collegehumor-all-nighter-14-batman-of-the-office Yes]||'''No'''||-||
     28||ted.com||Yes||[http://www.ted.com/talks/oembed.json?url=https://www.ted.com/talks/jill_bolte_taylor_s_powerful_stroke_of_insight.html Yes]||Yes||Almost there, just some mixed content in embeds||
     29
     30Recently fixed providers:
     31
     32 * '''flic.kr'''
     33 * '''slideshare.net'''
     34 * '''wordpress.tv'''
     35 * '''meetup.com'''
     36
     37Ok providers:
     38
     39 * '''youtube.com''' and '''youtu.be''' - SSL embeds via the `scheme=https` parameter.
     40 * '''vimeo.com''' - Embeds are protocol-relative.
     41 * '''flickr.com''' - SSL everywhere (same for flic.kr).
     42 * '''polldaddy.com''' - Embeds are served over SSL if the parent container uses SSL. Effectively protocol-relative via JavaScript.
     43 * '''twitter.com''' - SSL everywhere.
     44 * '''soundcloud.com''' - SSL everywhere. (Minor note: their oEmbed response includes an `http` URL for the thumbnail on their CDN, but it resolves over `https` if you change it.)
     45 * '''rdio.com''' and '''rd.io''' - SSL embeds by default.
     46 * '''spotify.com''' - SSL everywhere.
     47 * '''issuu.com''' - Embeds are served over SSL if the parent container uses SSL. Effectively protocol-relative via JavaScript.
     48 * '''mixcloud.com''' - Embeds are protocol-relative.