Embedding insecure flash objects on a secure page

Question

I am wondering if it is possible to embed a YouTube video on a https website. As far as I can tell YouTube videos can only be embedded with the http:// protocol. Is there a way to embed them on a page without Firefox throwing an error?

Answer 1

You could proxy the youtube stream through a secure server. What I mean is have a middle tier application that fetches the video feed from youtube and passes it through a secure connection back to your flash app.

Answer 2

I really do not know if this works, but you should give it a try:

• Instead of the YouTube player you use your own custom player (made by youself or take from the web, there are a lot out there. e.g.: JW Player) This player is served by your secure server.

• Before you play a video you have to call the Youtube API the recieve the source of you video:

  http://gdata.youtube.com/feeds/api/videos/VideoID

• Get you player streaming this video.

Within your player you should be able to allow recieving unsecure content from a secured website. You probably have to a little bit reading on the Flash Players security sandbox.

Answer 3

Since Youtube doesn't have a valid SSL certificate, this won't be possible. Perhaps you could instead embed a HTTP iFrame containing a YouTube video inside your https webpage? Streaming a video over SSL would be slow, so unless the video itself needs to be encrypted, you shouldn't use it. Since you're talking about streaming YouTube videos, I doubt you care about encrypting the actual video stream, just the request to view it.

Answer 4

Unfortunately, Youtube doesn't have a valid SSL certificate installed on the main part of its site. You can try using a proxy such as https://browseunblocked.com/