non-https media

[mjangda]

AMP requires that all content in amp-* components be https. We need to find a way to elegantly handle this. Should we just let it fail and have AMP raise an error? Or should we remove the element completely?

[bcampeau]

I'm working on this right now for both non-https media and for non-https iframes in content. There is no way for us to be certain an https version exists, so I think the most elegant way is to strip it out.

I'm probably going to handle this in the theme, unless you'd like to see this updated in the plugin.

[coreymckrill]

Related: #354

[westonruter]

There is no way for us to be certain an https version exists, so I think the most elegant way is to strip it out.

We could do HEAD requests to both the HTTP and HTTPS versions to see if they return the same headers. If so, we could then remember that and automatically rewrite the HTTP URLs to use HTTPS for a given domain.

Otherwise, something we could consider is implement a WP-based proxy to pass-through HTTP resources as HTTPS. It would be a hack. Existing implementation: https://github.com/xwp/wp-customize-widgets-plus/blob/master/php/class-https-resource-proxy.php

[westonruter]

Related: #2006, #2199.

[westonruter]

Fallbacks for iframes and media elements have been implemented in #1913 and #1861. I think this is all we can do here.