flowplayer / flowplayer

The HTML5 video player for the web

make default locations protocol independent #30

Closed phloxic closed 11 years ago

phloxic commented 12 years ago

Can be achieved relatively simply by just omitting the http protocol for the CDN and EMBED variables.

See https://github.com/flowplayer/flowplayer/issues/6#issuecomment-9404482

phloxic commented 12 years ago

@tipiirai - I don't have access, so here goes:

diff --git a/lib/ext/embed.js b/lib/ext/embed.js
index 09eb780..3336621 100644
--- a/lib/ext/embed.js
+++ b/lib/ext/embed.js
@@ -29,7 +29,7 @@ flowplayer(function(player, root) {
          tag.append($("<source/>", { type: "video/" + src.type, src: src.src }));
       });

-      var code = $("<foo/>", { src: "http://@EMBED/@VERSION/embed.min.js" }).append(el);
+      var code = $("<foo/>", { src: "//@EMBED/@VERSION/embed.min.js" }).append(el);
       return $("<p/>").append(code).html().replace(/<(\/?)foo/g, "<$1script");
    };

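Review bot: On the changed `src` line, the scheme-relative URL makes the generated embed code depend on whatever page it is later pasted into. On an https page it requires @EMBED to answer over https, on an http page the script is still fetched in cleartext, and in a page opened from disk `//@EMBED/...` resolves against file: and does not load. Because this string is handed out for use on third-party pages, confirm that @EMBED is reachable over https before merging, and consider emitting an explicit `https://@EMBED/@VERSION/embed.min.js` instead of inheriting the scheme.
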
diff --git a/lib/flowplayer.js b/lib/flowplayer.js
index 9bb3e24..f1751f3 100644
--- a/lib/flowplayer.js
+++ b/lib/flowplayer.js
@@ -45,7 +45,7 @@ $.extend(flowplayer, {

       splash: false,

-      swf: "http://@CDN/@VERSION/@CDN_PATHflowplayer.swf",
+      swf: "//@CDN/@VERSION/@CDN_PATHflowplayer.swf",

       // initial volume level
       volume: 0.8,
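
Review bot: The new `swf` default carries no comment, unlike the neighbouring `// initial volume level` entry, and it now assumes without saying so that @CDN serves the same path over both http and https. Add a one-line comment above `swf:` stating that the default is scheme-relative and follows the embedding page's protocol, so that anyone overriding it knows an `http://` value becomes mixed content on an https page.
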
phloxic commented 12 years ago

Ah, no - works only for releases.flowplayer.org and the swf - embed.flowplayer.org is not reachable via https. But it definitely should be. Especially for embedding you want to avoid protocol clashes!

tipiirai commented 12 years ago

@courtneycouch can you make embed.flowplayer.org reachable by https?

tipiirai commented 12 years ago

@courtneycouch ping.

phloxic commented 11 years ago

embed.min.js loads jQuery via https - why?

courtneycouch commented 11 years ago

@tipiirai

Just now saw this. embed.flowplayer.org cannot be reachable by https unless we shift to S3 domains or CloudFront domains and use their shared cert, OR we use our own cert and then serve through our proxy server.

so https options:

phloxic commented 11 years ago

@tipiirai, @courtneycouch - also be aware that for many (especially corporate, i.e. big customers, unlimited) embedding via a domain not under their control is not an option. We need to offer an embedding mechanism which can be set up by the user too. If this is too much of a hassle to sort out reliably, maybe a rethink of the embedding mechanism (which has to be done anyway for the cases mentioned) is in order.

phloxic commented 11 years ago

Same for analytics:

$.getScript('//google-analytics.com/ga.js');

should work fine.

See: http://flowplayer.org/forum/#!/moot/10370

phloxic commented 11 years ago

This one is solved afaics.
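
How the hard-coded and scheme-relative script URLs discussed in this thread resolve on different host pages, as an added example that is not part of the original thread or of the Flowplayer code base. The host `embed.example.test`, the version path, the page URLs and the function names are constructed for illustration, and an "ok" verdict assumes the host really serves TLS.

```javascript
// Added example. Host names, paths and page URLs are constructed placeholders.
const PAGES = {
  https: "https://customer.example.test/watch.html",
  http: "http://customer.example.test/watch.html",
  file: "file:///home/user/preview.html", // snippet previewed from disk
};

// Resolve a script src the way a browser does for a page at pageUrl,
// then classify the outcome for that page.
function classifyScriptSrc(src, pageUrl) {
  const page = new URL(pageUrl);
  const resolved = new URL(src, page); // "//host/x" inherits page.protocol
  let verdict = "ok"; // https fetch; assumes the host answers over TLS
  if (resolved.protocol === "file:") {
    verdict = "broken"; // "//host/x" became file://host/x, nothing to load
  } else if (resolved.protocol === "http:") {
    // Script over http on an https page is active mixed content (blocked);
    // elsewhere it loads but can be modified in transit.
    verdict = page.protocol === "https:" ? "mixed-content" : "cleartext";
  }
  return { url: resolved.href, verdict };
}

// Run one candidate src against every page context above.
function auditSnippetSrc(src) {
  const report = {};
  for (const [name, pageUrl] of Object.entries(PAGES)) {
    report[name] = classifyScriptSrc(src, pageUrl);
  }
  return report;
}

const candidates = [
  "http://embed.example.test/1.0/embed.min.js", // form before the patch
  "//embed.example.test/1.0/embed.min.js", // form after the patch
  "https://embed.example.test/1.0/embed.min.js", // explicit TLS
];
for (const src of candidates) {
  const summary = Object.entries(auditSnippetSrc(src))
    .map(([page, result]) => `${page}:${result.verdict}`)
    .join(" ");
  console.log(src, "->", summary);
}
```

Only the explicit `https://` form gets the same verdict in all three contexts, which is why https reachability of the embed host decides whether the scheme-relative form is safe to ship.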