[wp-trac] [WordPress Trac] #34588: Add a filter to disable non-SSL embeds on SSL sites
WordPress Trac
noreply at wordpress.org
Thu Nov 19 00:43:10 UTC 2015
#34588: Add a filter to disable non-SSL embeds on SSL sites
-------------------------+-----------------------
Reporter: pento | Owner: pento
Type: enhancement | Status: reopened
Priority: normal | Milestone: 4.4
Component: Embeds | Version:
Severity: normal | Resolution:
Keywords: 2nd-opinion | Focuses:
-------------------------+-----------------------
Changes (by johnbillion):
* keywords: has-patch => 2nd-opinion
* status: closed => reopened
* resolution: fixed =>
Comment:
I'm not sure that this filter is really functioning as intended.
Embedding an HTTP URL often results in an HTTPS URL being returned from
the oEmbed provider, as many of the providers force HTTPS on their sites.
The logic around the `allow_insecure_embeds` filter only checks the
requested embed URL, which means embedding a URL such as
`http://instagr.am/p/MRM3HQy6kh/` is blocked if the
`allow_insecure_embeds` filter returns false, even though the response
from Instagram's oEmbed endpoint contains an HTTPS iframe.
In addition, the phrase "cannot be embedded securely" doesn't appear in
core. It looks like this functionality has been removed. Currently looking
into it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34588#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list