[wp-trac] [WordPress Trac] #36274: Youtube oEmbed handlers should be HTTPS
WordPress Trac
noreply at wordpress.org
Fri Mar 18 22:59:16 UTC 2016
#36274: Youtube oEmbed handlers should be HTTPS
-------------------------+-----------------------------
Reporter: tollmanz | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version:
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
All of the handlers for Youtube oEmbeds utilize HTTP URIs. The HTTP URIs
redirect to HTTPS. The URIs should be hardcoded has HTTPS.
This is beneficial for performance (i.e., removes a costly redirect) and
security (i.e., mitigates a person in the middle opportunity).
The URIs I am referring to are:
{{{
'#http://((m|www)\.)?youtube\.com/watch.*#i' => array(
'http://www.youtube.com/oembed', true ),
'#https://((m|www)\.)?youtube\.com/watch.*#i' => array(
'http://www.youtube.com/oembed?scheme=https', true ),
'#http://((m|www)\.)?youtube\.com/playlist.*#i' => array(
'http://www.youtube.com/oembed', true ),
'#https://((m|www)\.)?youtube\.com/playlist.*#i' => array(
'http://www.youtube.com/oembed?scheme=https', true ),
'#http://youtu\.be/.*#i' => array(
'http://www.youtube.com/oembed', true ),
'#https://youtu\.be/.*#i' => array(
'http://www.youtube.com/oembed?scheme=https', true )
}}}
Additionally, this is a great first patch ticket.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/36274>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list