Restrict embedded video to HTTPS

calmh · September 11, 2020, 10:46am

We run our forum on HTTPS, as everyone should. Sometimes people drop a video link, like

![Some description|video](http://example.com/some-video.mkv)

which renders as an embedded video. Since the link is HTTP it will however also trigger an ugly “This site is insecure” note in the browser due to mixed content.

It would be nice to have a switch for never embedding content from HTTP URLs. (Just showing the link instead or something like that would be fine I think.)

(Something like this appears to be in place already for still images? I don’t have too many examples to try but I didn’t manage to create an HTTP link to an image that actually embedded properly. Though it shows as a broken-image icon.)

codinghorror · January 3, 2021, 7:01am

The difference is that Discourse (by default) attempts to mirror hotlinked images so you don’t end up with broken images 10 years later when that particular hotlinked image inevitably disappears from the internet.

We don’t do this for videos because it’d be cost and bandwidth prohibitive.

Topic		Replies	Views
Make auto-linked URLs use HTTPS Support	17	779	November 20, 2023
How do I stop a Youtube video from embedding? Support	9	1595	December 9, 2018
Images not loading - Possible HTTPS issue Support	4	1029	June 15, 2024
Videos are not being embedded Support	2	375	November 30, 2023
HTTPS support - Error Embedding Support	7	1602	April 24, 2023

Restrict embedded video to HTTPS

Related Topics