YouTube IFrame API generates mixed content warning with HTTPS + HTML5

Question

When I embed youtube on an HTTPS page using the iframe api in HTML5 mode , it still pulls the actual stream using HTTP, which generates a mixed content warning. Is this usecase

Answer 1

It seems that (as of October 2012) this is the expected behaviour and there are no plans to change it: https://code.google.com/p/gdata-issues/issues/detail?id=2964&can=1&q=youtube%20https&colspec=API%20ID%20Type%20Status%20Priority%20Stars%20Summary

Answer 2

You can fix this by configuring your iframe API script to look like this.

Use '//' for the tag src

var tag = document.createElement('script');
tag.src = "//www.youtube.com/iframe_api";
var firstScriptTag = document.getElementsByTagName('script')[0];
firstScriptTag.parentNode.insertBefore(tag, firstScriptTag);
var url = window.location.pathname; 

This will cause the player to load the resources using the same protocol as the page it is embedded on.