[Plugin: Youtube Feeder] SSL insecure content

  • Resolved webaware

    (@webaware)


    11 years, 11 months ago

    This plugin is loading its script and CSS using the WP_PLUGIN_URL constant instead of the plugin_dir_url() function, so it triggers insecure content warnings on SSL pages. I’ve added a “fix” for this plugin to my SSL Insecure Content Fixer plugin, but you should make the following changes to avoid these warnings without the aid of my dirty kludge 🙂 (and also avoid a WordPress debug warning)

    * use the init, wp_print_styles and wp_print_scripts actions for enqueuing scripts and CSS (i.e. they should not be enqueued until after the init action)
    * use the wp_print_styles action to enqueue your CSS, instead of printing it from wp_head action
    * use plugin_dir_url() to get your plugin dir, instead of WP_PLUGIN_URL, so that it handles the transition to SSL (HTTPS)

    Once you’ve released a version that fixes these, please let me know and I’ll remove the “fix” for your plugin.

    http://wordpress.org/extend/plugins/youtube-feeder/

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Author Andrew Ensley

    (@awensley)

    11 years, 10 months ago

    Thank you for letting me know about this. I will work on it and update here when a fix is released.

    Plugin Author Andrew Ensley

    (@awensley)

    11 years, 9 months ago

    Version 2.0.0 is out which enqueues scripts and styles properly:

    http://wordpress.org/extend/plugins/youtube-feeder/

    Thanks.

    Thread Starter webaware

    (@webaware)

    11 years, 9 months ago

    G’day Andrew, thanks for the update. I’m just removing the hack for your plugin from the SSL insecure content fixer now, and will release a new version in a minute.

    I note that you’re still embedding the Youtube videos from http:// however, so any pages using SSL and embedding Youtube will still get the warning about insecure content. You can get around that by dropping the protocol from the iframe source links, e.g. in YoutubeFeeder::youtubeMinimalStyle() you can change line 437 to this:

    $url = '//www.youtube.com/embed/' . $vid['id'] . '?' . $this->getEmbedParams($playback);

    That will embed using whichever protocol was used to load the page, http or https. You would need to apply that to the Youtube playlist script as well.

    cheers,
    Ross

    Plugin Author Andrew Ensley

    (@awensley)

    11 years, 9 months ago

    Ah, silly me. I didn’t even consider those links (duh).

    I’ll release a fix in the next couple of days (no time right now).

    Thanks for letting me know. I really appreciate the feedback.

    Plugin Author Andrew Ensley

    (@awensley)

    11 years, 9 months ago

    Version 2.0.1 is out which fixes the embed urls:

    http://wordpress.org/extend/plugins/youtube-feeder/

    I’m pretty sure I got all of them this time. 🙂

    Thread Starter webaware

    (@webaware)

    11 years, 9 months ago

    G’day Andrew, well done; I’m sure your plugin users will thank you for it 🙂

    cheers,
    Ross

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘[Plugin: Youtube Feeder] SSL insecure content’ is closed to new replies.