Improve behavior of custom embed w.r.t. https

Instead of silently failing when browser policy blocks HTTP embeds over HTTPS, pre-fill the video div with an error message and attempt to salvage the link with s/http/https/g.
2014-12-10 23:56:17 -06:00 · 2014-12-10 23:56:17 -06:00 · a3a9fa074e
commit a3a9fa074e
parent db56a8869d
2 changed files with 25 additions and 0 deletions
--- a/www/js/player.js
+++ b/www/js/player.js
@ -863,6 +863,29 @@ var CustomPlayer = function (data) {
        removeOld();
        var div = $("#ytapiplayer");
        div.attr("id", "");
+
+        /*
+         * 2014-12-10
+         *
+         * If a user is connected via HTTPS and the custom link is
+         * HTTP, then the embed fails due to mixed active content
+         * policy.  Display a message indicating this.
+         */
+        if (location.protocol.match(/^https/) &&
+            self.videoId.match(/http:/)) {
+
+            div.html("You are currently connected via HTTPS but " +
+                "the custom embed link uses non-secure HTTP.  " +
+                "Your browser may therefore block it from loading.  " +
+                "To fix this, either add the custom embed as a secure " +
+                "URL (https://...) if the source supports it, or " +
+                "visit this page over plain HTTP (your websocket will still " +
+                "use secure HTTPS for communication, just the page " +
+                "will load over plain HTTP).");
+
+            // Try to salvage the link
+            self.videoId = self.videoId.replace(/http:/g, "https:");
+        }
        div.append(self.videoId);

        self.player = div.find("iframe");