HTTPS streams in cards


#1

The Cards docs specify that all content (iframe, assets and stream) are required to be served over HTTPS:

https://dev.twitter.com/docs/cards (under “A Few Simple Rules”)

However, currently approved twitter cards, e.g. this one from Soundtracking, do not follow this. For ex:

https://soundtracking.com/posts/50fdc6b81d283477ce000023.twitter

When you play the stream, the SSL lock breaks (orange warning) in every browser I’ve tested in.

Are we expected to wrap audio streams in SSL? It does not appear other developers do so currently.


#2

Hi Arkadiy,

Thanks for the question. While we recommend using HTTPS for all the resources, we understand it can be challenging for the actual video or audio streams. Our policy is that a Player Card should not generate active mixed content browser warnings at any point during the audio or video experience. In other words, the browser address bar must maintain a “secure” state. On Chrome, it means the yellow lock is accepted, while the red lock is not.

Please check out the last item on [node:20401] about “Active Mixed Content/SSL” and let us know if we can help further.