Restrict embedded video to HTTPS

We run our forum on HTTPS, as everyone should. Sometimes people drop a video link, like

![Some description|video](http://example.com/some-video.mkv)

which renders as an embedded video. Since the link is HTTP it will however also trigger an ugly “This site is insecure” note in the browser due to mixed content.

It would be nice to have a switch for never embedding content from HTTP URLs. (Just showing the link instead or something like that would be fine I think.)

(Something like this appears to be in place already for still images? I don’t have too many examples to try but I didn’t manage to create an HTTP link to an image that actually embedded properly. Though it shows as a broken-image icon.)

2 Likes

The difference is that Discourse (by default) attempts to mirror hotlinked images so you don’t end up with broken images 10 years later when that particular hotlinked image inevitably disappears from the internet.

We don’t do this for videos because it’d be cost and bandwidth prohibitive.

1 Like