Uploading/selecting an insecure featured image doesn't throw any warnings about insecure-content-warning HOT 4 CLOSED

I can see the argument that because it's on the edit screen it could be seen as a part of handling "content" warnings, but I'm moving this to 1.1.0 for two reasons:

1. I am not sure what the situation is where the admin isn't using HTTPS with this plugin at this point, so if it's an HTTP-only featured image for some reason you are going to get a browser warning as it is.
2. This seems to me to be a broader media library-as-content issue, so before jumping in we should at least take a minute to figure out what the scope is as related to the media library, and probably hold to see what the usage and demand is like on this plugin before proceeding further.

from insecure-content-warning.

WP 5.7 added the ability for content to be updated from HTTP to HTTPS more gracefully, so yes let's go ahead and close this for now but if there are community reports of issues with media library content then we can re-investigate more detailed messaging for users on how to update their site with SSL & HTTPS.

from insecure-content-warning.

@Sidsector9 The featured image URL will use the same URI scheme as the site URL. So if the site is using HTTPS, the featured image on the front end will use HTTPS too. Am I missing other cases here? If yes, can you provide steps to reproduce?

cc @dkotter

from insecure-content-warning.

@dinhtungdu I had similar thoughts. But I came across a rare scenario where the media is uploaded before HTTPS is enabled. In this scenario the URLs stored in the DB are still HTTP, moreover the HTTP version of the image can be retrieved on the frontend if poorly implemented. I think the enhancement can serve at most to warn users of the image URLs stored in the DB. Any thoughts on this?

from insecure-content-warning.