8 | | I'll do the initial audit shortly and see where we get. |
| 8 | ---- |
| 9 | |
| 10 | Problem providers: |
| 11 | |
| 12 | ||=Provider=||=Core supports HTTPS URL=||=Endpoint recognises HTTPS URL||Embed supports HTTPS=||=Notes=|| |
| 13 | ||blip.tv||'''No'''||'''[http://blip.tv/oembed?url=https://blip.tv/stylestar/shine-6866879 No]'''||-||Their website resolves over SSL but is broken|| |
| 14 | ||dailymotion.com||Yes||[http://www.dailymotion.com/services/oembed?url=https://www.dailymotion.com/video/x1z6k7r_putin-says-ukrainian-gas-price-demands-force-talks-into-dead-end_news Yes]||Nearly||Embeds are served over HTTPS if the oEmbed endpoint uses HTTPS ([https://www.dailymotion.com/services/oembed?url=https://www.dailymotion.com/video/x1z6k7r_putin-says-ukrainian-gas-price-demands-force-talks-into-dead-end_news example])|| |
| 15 | ||dai.ly||'''No'''||'''[http://www.dailymotion.com/services/oembed?url=https://dai.ly/x1z6k7r_putin-says-ukrainian-gas-price-demands-force-talks-into-dead-end_news No]'''||-||Invalid SSL certificate (points to dailymotion.com)|| |
| 16 | ||smugmug.com||Yes||[http://api.smugmug.com/services/oembed?url=https://gilmarphotography.smugmug.com/Galleries/Hamburger-Hat/i-TtMhZ3v/A&format=json Yes]||'''No'''||-|| |
| 17 | ||hulu.com||Yes||[http://www.hulu.com/api/oembed.json?url=https://www.hulu.com/watch/647281 Yes]||'''No'''||Invalid SSL certificate (points to Akamai)|| |
| 18 | ||revision3.com||'''No'''||'''[https://revision3.com/api/oembed?url=https://revision3.com/sourcefednerd/game-of-thrones-the-watchers-on-the-wall-reviewed/ No]'''||-||Mixed content when viewing the site over HTTPS.|| |
| 19 | ||photobucket.com||'''No'''||[http://photobucket.com/oembed?url=https://i199.photobucket.com/albums/aa117/vchartman/weather/bearintherain-1.gif Yes]||'''No'''||Site doesn't resolve over HTTPS|| |
| 20 | ||scribd.com||Yes||'''[http://www.scribd.com/services/oembed?format=json&url=https%3A%2F%2Fwww.scribd.com%2Fdoc%2F65793063%2FMuestra-Comic-Asterix-II No]'''||-||HTTPS site redirects to HTTP site|| |
| 21 | ||poll.fm||Yes||[https://polldaddy.com/oembed/?url=https://poll.fm/4tzp6 Yes]||Yes||Invalid SSL certificate (points to polldaddy.com)|| |
| 22 | ||funnyordie.com||Yes||[http://www.funnyordie.com/oembed?url=https%3A%2F%2Fwww.funnyordie.com%2Fvideos%2F82e2ad3eaa%2Fthrowing-shade-47-summer-vacay-and-guest-mo&format=json Yes]||'''No'''||Invalid SSL certificate (points to Akamai)|| |
| 23 | ||instagram.com||'''No'''||'''[http://api.instagram.com/oembed?url=https://instagram.com/p/rR9ZOSCjc_/ No]'''||-||HTTPS site redirects to HTTP|| |
| 24 | ||instagr.am||'''No'''||'''[http://api.instagram.com/oembed?url=https://instagr.am/p/rR9ZOSCjc_/ No]'''||-||Invalid SSL certificate (points to instagram.com)|| |
| 25 | ||imgur.com||Yes||[http://api.imgur.com/oembed?url=https://imgur.com/gallery/9dlrs Yes]||'''No'''||-|| |
| 26 | ||meetu.ps||Yes||?||?||?|| |
| 27 | ||collegehumor.com||Yes||[http://www.collegehumor.com/oembed.json?url=https://www.collegehumor.com/video/6970155/collegehumor-all-nighter-14-batman-of-the-office Yes]||'''No'''||-|| |
| 28 | ||ted.com||Yes||[http://www.ted.com/talks/oembed.json?url=https://www.ted.com/talks/jill_bolte_taylor_s_powerful_stroke_of_insight.html Yes]||Yes||Almost there, just some mixed content in embeds|| |
| 29 | |
| 30 | Recently fixed providers: |
| 31 | |
| 32 | * '''flic.kr''' |
| 33 | * '''slideshare.net''' |
| 34 | * '''wordpress.tv''' |
| 35 | * '''meetup.com''' |
| 36 | |
| 37 | Ok providers: |
| 38 | |
| 39 | * '''youtube.com''' and '''youtu.be''' - SSL embeds via the `scheme=https` parameter. |
| 40 | * '''vimeo.com''' - Embeds are protocol-relative. |
| 41 | * '''flickr.com''' - SSL everywhere (same for flic.kr). |
| 42 | * '''polldaddy.com''' - Embeds are served over SSL if the parent container uses SSL. Effectively protocol-relative via JavaScript. |
| 43 | * '''twitter.com''' - SSL everywhere. |
| 44 | * '''soundcloud.com''' - SSL everywhere. (Minor note: their oEmbed response includes an `http` URL for the thumbnail on their CDN, but it resolves over `https` if you change it.) |
| 45 | * '''rdio.com''' and '''rd.io''' - SSL embeds by default. |
| 46 | * '''spotify.com''' - SSL everywhere. |
| 47 | * '''issuu.com''' - Embeds are served over SSL if the parent container uses SSL. Effectively protocol-relative via JavaScript. |
| 48 | * '''mixcloud.com''' - Embeds are protocol-relative. |