HTTPS网站上的Youtube Iframe [英] Youtube Iframe on HTTPS website
问题描述
我使用https在网站上添加了一个指向YouTube视频的iframe。尽管我使用https://嵌入了YouTube视频,但当我点击播放时,视频会加载http文件,导致浏览器安全图标不安全。我如何强制youtube只加载https文件?
我嵌入HTML:
< iframe id =ytplayertype =text / htmlwidth =480height =360src =// www.youtube.com/embed/-ZUrjLs48a8frameBorder =0的allowFullScreen>< / iframe中>
Google API文档:
iframe嵌入的YouTube Player API参考
作为额外的安全措施,您还应该在URL中包含origin参数,指定主机页的URL方案(http://或https://)和完整域作为参数值。尽管来源是可选的,包括它可以防止恶意的第三方JavaScript被注入到您的页面并劫持您的YouTube播放器。
>< iframe id =playertype =text / htmlwidth =640height =390src =http://www.youtube.com/embed/u1zgFlCw8Aw?enablejsapi=1& ; origin = http://example.com
frameborder =0>< / iframe>
I included an iframe pointing to a youtube video on a website using https. Although I embedded the youtube video with "https://", the video loads http-files when I click on play, rendering the browser security icon "unsafe". How do I force youtube to only load https files?
My embed HTML:
<iframe id="ytplayer" type="text/html" width="480" height="360" src="//www.youtube.com/embed/-ZUrjLs48a8" frameBorder="0" allowfullscreen></iframe>
Add a origin parameter to your URL as explained from the Google api documentation: YouTube Player API Reference for iframe Embeds
As an extra security measure, you should also include the origin parameter to the URL, specifying the URL scheme (http:// or https://) and full domain of your host page as the parameter value. While origin is optional, including it protects against malicious third-party JavaScript being injected into your page and hijacking control of your YouTube player.
<iframe id="player" type="text/html" width="640" height="390"
src="http://www.youtube.com/embed/u1zgFlCw8Aw?enablejsapi=1&origin=http://example.com"
frameborder="0"></iframe>
这篇关于HTTPS网站上的Youtube Iframe的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!