Display YouTube over SSL? - Posted (1491 Views)
Astralis
Senior Member
Astralis
Posts: 1218
1218
If I embed a YouTube video on a https page I get mixed security errors in Explorer, for obvious reasons.
How can I get around it with IIS or ASP?
Here is a solution for APACHE:
http://www.askapache.com/htaccess/mixed-ssl-content-warning-secure-fixed.html<
 Sort direction, for dates DESC means newest first  
 Page size 
Posted
SiSL
Average Member
SiSL
Posts: 671
671
This is a rewrite solution.

It is simply is a redirection. You can make a tunneling ASP (may be) that allows you to redirect that ASP page like changing all www.youtube.com to https://yoursecuresite/yoursecuredir/youtube.asp?url= etc.
So try Response.Redirect method in that youtube.asp
<
CHIP Online Forum
My Mods Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Posted
Astralis
Senior Member
Astralis
Posts: 1218
1218
SiSl,

I'm not sure how that works because I need to embed the flash script in the HTTPS page. I don't think a response.redirect will tunnel this. Do you?<
Posted
SiSL
Average Member
SiSL
Posts: 671
671
I think it might...
If I were you, I'd try making a default embed code, instead of URL of youtube, make embedded object src to your own ASP with a variable... Then in your own ASP, try make it fake content-type Response.ContentType = "flash/swf" or whatever it is.. Then just response.Redirect to original content...
It works with images why not objects

<
CHIP Online Forum
My Mods Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Posted
SiSL
Average Member
SiSL
Posts: 671
671
So I made a sample for you, could not get video to load may be (certainly will look into it) yet, I can embed player with no notification...
https://www.chip.com.tr/test/

As for ASP code, I used for now:

Code:
<% Response.ContentType = "application/x-shockwave-flash" 
Response.Redirect("http://www.youtube.com/v/" & request("url") & "&hl=en")
Response.Flush
Response.End
%>

On the other hand, you can just use new player such as JW player to embed youtube vids in it.
Another method to use APACHE version fix with ISAPI_Rewrite from Helicontech<
CHIP Online Forum
My Mods Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Last edited by SiSL on 19 May 2008, 19:21
Posted
Carefree
Advanced Member
Carefree
Posts: 4224
4224
If you don't want users to have to strip off the actual video code from the YouTube URL, then you need to change your Response. Redirect to something like this:
Code:

Response.Redirect("http://www.youtube.com/v/" & right(Request.Form("url"),11) & "&hl=en")

That way, you paste the entire link into your request box without having to remember 11 scrambled characters.<
Posted
Carefree
Advanced Member
Carefree
Posts: 4224
4224
I looked at your source code for your page, you have two different URLs being provided to the script, neither of which includes the youtube web address. It cannot possibly work.<
Posted
Carefree
Advanced Member
Carefree
Posts: 4224
4224
Also, it will give you access denied errors unless you eliminate the Response.ContentType line.
Here, this will allow you to use an input script for the video url (strvurl) and it'll work. You'll still get the "insecure" message, but it'll play in a secure website. You cannot use https for the preface to youtube, it isn't a secure site.
Code:

%>
<object width="425" height="355">
<param name="movie" value="<%=strvurl%>"></param>
<param name="wmode" value="transparent"></param>
<param name="autostart" value="true"></param>
<param name="autoplay" value="true"></param>
<param name="transparentatstart" value="true"></param>
<param name="codebase" value=""></param>
<param name="codetype" value="application/x-shockwave-flash"></param>
<embed src="<%=strvurl%>" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed>
</object>
<%

For a functional YouTube page for your forum, get it here:
http://98.25.191.199/youtube.txt

This has limited use, in my opinion. You would need to know all of the YouTube video addresses, and if you've gone there to get them, you can more easily watch them there.<
Last edited by Carefree on 30 May 2008, 21:32
Posted
Astralis
Senior Member
Astralis
Posts: 1218
1218
SiSl,

Your test won't play in IE7.<
Posted
SiSL
Average Member
SiSL
Posts: 671
671
Yes, I said video is not playing yet, loader works.<
CHIP Online Forum
My Mods Select All Code | Fix a vulnerability for your private messages | Avatar Categories W/ Avatar Gallery Mod | Complaint Manager Admin Level Revisited | Merge Forums | No More Nested Quotes Mod
Posted
Astralis
Senior Member
Astralis
Posts: 1218
1218
ah...your video plays in Firfox, though. Go figure.
Why do you think IE won't play it?<
You Must enter a message