The page at https:/mydomain.duckdns.org:port/lovelace/summary_groups was allowed to display insecure content from http://img.youtube.com/vi/L4QC4eyE4NU/sddefault.jpg.
above is inspector in Mac Safari
Crome shows:
Mixed Content: The page at 'https://mydomain.duckdns.org:port/lovelace/summary_groups' was loaded over HTTPS, but requested an insecure image 'http://img.youtube.com/vi/L4QC4eyE4NU/sddefault.jpg'. This content should also be served over HTTPS.
While I have no pointer at all at any external source…
I have never seen this before, but am quite amazed to see this happen. Do we have a security issue here?
no idea, but i am not seeing it on my instance so i would be checking yours to see if there is an issue on that lovelace tab (summary_groups). maybe a custom card or something is loading it
tbh, I am experiencing several oddities after having updated the latest card-tools card, after which I have taken that out if the config. I seem to only miss out on the card-tools using the secondaryinfo-entity-row card. But now see this happening too.
Ill check by re-instating card-tools, and see what happens.
edit
before re-instating card-tools, I found this to be the culprit:
And I do think, I did check the Apple Conf app on one of my Apple tv’s. Apparently, checking the media_players, causes this top happen…
and re-instating card-tools doesnt make this go away. Only show the other oddities again
Think Ill have to file an issue with Thomas on either fold-entity-row, or auto-entities. Will start with the latter.
Copied from my GitHub response
This is unrelated to auto-entities. If you have a plain entity card, it will still show up.
Basically it gives you the art for the current playing thing, and when the media player API asked for the art, it gave a http URL.
In fairness anything that attracts an audience in the volume like HA does is bound to attract unwanted attention. HA is knocking the socks off the competition.