ESI code returned when making jsonp request on http://

geordiemhall commented 7 years ago

Hi there,

(Not sure if it's already been reported/noticed, but can't really see anything about it so will make an issue just in case.)

It looks like something has recently changed/broken, and now a noembed jsonp request to http:// will redirect through to https:// but with ESI code in place of the callback param, which is then output in the final json.

Eg. http://noembed.com/embed?callback=something&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2zwhru6VxgQ

will redirect through to https://noembed.com/embed?callback=%3Cesi%3Ainclude%20src%3D%22%2Fesi%2Fjsonp-callback%22%2F%3E&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2zwhru6VxgQ

Which then returns the following jsonp to the browser, which chokes on the <esi:include tag:

/**/ <esi:include src="/esi/jsonp-callback"/>({"thumbnail_width":480,"height":270,"author_name":"LÃ©iki UÃ«da","author_url":"https://www.youtube.com/channel/UCUfpQmWcv3JsVkQUGv8w__w","html":"\n<iframe width=\" 480\" height=\"270\" src=\"https://www.youtube.com/embed/2zwhru6VxgQ?feature=oembed\" frameborder=\"0\" allowfullscreen=\"allowfullscreen\"></iframe>\n","thumbnail_url":"https://i.ytimg.com/vi/2zwhru6VxgQ/hqdefault.jpg","version":"1.0","title":"Star Wars : Main Theme for Virtuosic Piano Solo | LÃ©iki UÃ«da","provider_name":"YouTube","type":"video","provider_url":"https://www.youtube.com/","thumbnail_height":360,"url":"https://www.youtube.com/watch?v=2zwhru6VxgQ","width":480})

Not sure if it's something on Fastly's end, or if it's anything you have control over.

Switching to just requesting https:// directly seems to fix (eg. https://noembed.com/embed?callback=something&url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D2zwhru6VxgQ ).

Cheers, Geordie