HTTPS enabled but django admin EmbedVideoField is embedding unsecure HTTP

Question

HTTPS enabled but django admin EmbedVideoField is embedding unsecure HTTP

Closed this issue 6 years ago · 4 comments

It seems in the admin the form still tries to embed an HTTP video even if HTTPS is enabled and the request to page is done via HTTPS. Seems all video backends are doing this. Inspecting values in the backend.protocol() showed allow_https=True and is_secure=False which gets used when generating the url.

When I intercepted the actual request, django's request.is_secure() returns True. Seems this should be overriding the default 'False' value somehow.

The request context processor is present as well.

Answer 1 · 2018-04-06T09:19:59.000Z

Hi @chromaticgliss . This is an old issue and you probably fixed it by now but here's a solution for people who come across this:
you can change that behaviour by creating a custom backend and overriding its default behavior, i.e.:

video_backends.py

from embed_video.backends import YoutubeBackend

class SecureYoutubeBackend(YoutubeBackend):
    is_secure = True

settings.py

EMBED_VIDEO_BACKENDS = (
    'embed_video.backends.SoundCloudBackend',
    'embed_video.backends.VimeoBackend',
    # 'embed_video.backends.YoutubeBackend',
    'myapp.video_backends.SecureYoutubeBackend',
)

Properties are well summarized here

Answer 2 · 2018-04-06T11:37:23.000Z

@marcosguedes But, could not this package support this feature?

Answer 3 · 2018-04-06T12:16:53.000Z

It does, just not by default. Should it?

I guess we're at the stage where https is becoming more widespread and all supplied backends support https so I find it justifiable to change. However the only thing I did was provide a solution for this particular problem.

Answer 4 · 2018-04-06T12:23:22.000Z

I've just made a pull request. It's my first one so apologies if it's not up to standards #86